Related Vulnerabilities
In Universal Cross Site Scripting (UXSS, or Universal XSS), vulnerabilities in the browser are exploited, rather than in other websites in XSS.
Several classes of vulnerabilities or attack techniques are related to XSS: cross-zone scripting exploits "zone" concepts in certain browsers and usually executes code with a greater privilege. HTTP header injection can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).
Cross-site request forgery (CSRF/XSRF) is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users. XSS vulnerabilities (even in other applications running on the same domain) allow attackers to bypass Cross-site request forgery (CSRF/XSRF) preventions.
Lastly, SQL injection exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered any SQL statements can be executed by the application.
Read more about this topic: Cross-site Scripting
Famous quotes containing the word related:
“The content of a thought depends on its external relations; on the way that the thought is related to the world, not on the way that it is related to other thoughts.”
—Jerry Alan Fodor (b. 1935)