Reputation: 367
Cross site Scripting(XSS) Vulnerability possible
My website doesn't have a search input but it has hyperlinks to other sites should I worry about XSS(cross site scripting) vulnerability.
Upvotes: 0
Views: 450
Answers (2)
Reputation: 121
XSS can be not only in search input field =). Any input, which your web application outputs and does not perform filtration leads to XSS. If you have outdated JS libraries (e.g. old version of jQuery) - it can also contain vulnerable code and lead to XSS.
Upvotes: 1
Reputation: 3773
You should only link to websites that are secure and trusted. An example of a trusted website is one that uses https or one which is ranked high in Google.
If you link to an untrusted website, then its possible that when your visitors click on the link to the untrusted website, they are taken to a malicious website that serves malware or steals user credentials.
Upvotes: 0
Related Questions
- How to test using Cross-site Scripting (XSS)
- Cross Site Scripting injection
- Cross site scripting (XSS) possible?
- Issue regarding the XSS (Cross Site Scripting) attack
- Cross Site Scripting Issue
- Cross-site scripting and ASP.NET
- Web Application Cross Site Scripting
- Cross Site Scripting Attack, troubles
- What are the possible attack vectors for reflected cross site scripting?
- How to avoid "Cross-Site Script Attacks"