Security Xss Impact


// Security - Cross Site Scripting - Impact

Some attackers are financially motivated and would look to compromise credit 
card or bank account information. Some attackers are politically or socially 
motivated and may look to deface a page, impacting a company's reputation as a 
form of protest. Or even attackers may be hired by a competitor to target user 
accounts with a goal of accessing your data as a form of corporate espionage. 
Here are some of the impacts of XSS attacks:

1. Arbitrary requests: An attacker can use XSS to send requests that appear to 
   be from the victim to the web server.  Example of this is transferring fund, 
   or approving a transaction, action, requests, without the victim's knowlegde.

2. Malware download: XSS can prompt the user to download malware. Since the 
   prompt looks like a legitimate request from the site, the user may be more 
   likely to trust the request and actually install the malware.

3. Log keystrokes — The attacker can monitor keyboard entries, possibly finding 
   usernames and passwords to access accounts at later dates.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License