Related Vulnerabilities
In Universal Cross Site Scripting (UXSS, or Universal XSS), vulnerabilities in the browser are exploited, rather than in other websites in XSS.
Several classes of vulnerabilities or attack techniques are related to XSS: cross-zone scripting exploits "zone" concepts in certain browsers and usually executes code with a greater privilege. HTTP header injection can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).
Cross-site request forgery (CSRF/XSRF) is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users. XSS vulnerabilities (even in other applications running on the same domain) allow attackers to bypass Cross-site request forgery (CSRF/XSRF) preventions.
Lastly, SQL injection exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered any SQL statements can be executed by the application.
Read more about this topic: Cross-site Scripting
Famous quotes containing the word related:
“Perhaps it is nothingness which is real and our dream which is non-existent, but then we feel think that these musical phrases, and the notions related to the dream, are nothing too. We will die, but our hostages are the divine captives who will follow our chance. And death with them is somewhat less bitter, less inglorious, perhaps less probable.”
—Marcel Proust (1871–1922)