(also cross-site scripting, XSS attack, cross-site scripting attack)
A cyberattack that exploits website vulnerabilities to inject dangerous scripts into seemingly safe pages. Browsers can’t sort good code from bad, so visitors end up executing these scripts to infect their devices or expose account credentials.
Real XSS attack examples
- 2015: Attackers exploited an eBay vulnerability to gain full access to seller accounts, manipulate listings, and steal payment details.
- 2018: Hackers modified the British Airways website to send customer data to a fake server, skimming credit card details from 380,000 transactions.
Protecting against XSS attacks
- Check the URL for any irregularities
- Open the webpage’s code in your browser and check for malicious scripts
- Use a secure, up-to-date browser
- Use a tool to filter out known compromised websites, like NordVPN’s Threat Protection