Related Vulnerabilities
In Universal Cross Site Scripting (UXSS, or Universal XSS), vulnerabilities in the browser are exploited, rather than in other websites in XSS.
Several classes of vulnerabilities or attack techniques are related to XSS: cross-zone scripting exploits "zone" concepts in certain browsers and usually executes code with a greater privilege. HTTP header injection can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).
Cross-site request forgery (CSRF/XSRF) is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users. XSS vulnerabilities (even in other applications running on the same domain) allow attackers to bypass Cross-site request forgery (CSRF/XSRF) preventions.
Lastly, SQL injection exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered any SQL statements can be executed by the application.
Read more about this topic: Cross-site Scripting
Famous quotes containing the word related:
“There is nothing but is related to us, nothing that does not interest us,—kingdom, college, tree, horse, or iron show,—the roots of all things are in man.”
—Ralph Waldo Emerson (1803–1882)