A CDE Definition
Modifying elements in the URL sent to a website in order to obtain unauthorized information. User queries are often passed to the database in the Web server by appending search arguments to the URL used to locate the site. By modifying the arguments (parameters) in the query, the malicious user can navigate the database and retrieve and/or modify its contents. See XSS.
(Cross-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it.
An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering and CSRF.
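The "page not found" case described above, shown as an added example that is not part of the original definition: an error page that echoes the requested URL as markup, beside a version that encodes it first. The function names and the sample path are constructed for illustration.

```javascript
// Added example; function names and the sample path are constructed.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Vulnerable: the requested path is copied into the page as markup,
// so any tags it carries are parsed by the browser.
function notFoundPageUnsafe(requestedPath) {
  return "<h1>Not Found</h1><p>No page at " + requestedPath + "</p>";
}

// Hardened: the path is encoded, so the browser renders it as plain text.
function notFoundPageSafe(requestedPath) {
  return "<h1>Not Found</h1><p>No page at " + escapeHtml(requestedPath) + "</p>";
}

// Response headers to send with the error page as defence in depth:
// an explicit content type and a policy that permits no script at all.
function notFoundHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Constructed sample: path of a non-existent page, already URL-decoded by the server.
const samplePath = "/no-such-page<script>alert(1)</script>";

console.log(notFoundPageUnsafe(samplePath)); // script tag survives intact
console.log(notFoundPageSafe(samplePath));   // script tag is shown as text
```

Output encoding closes the hole at the point where the URL is written into the page; the headers limit the damage if another echo point is missed.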