Date Published: February 24, 2022
Using XSS to steal access
Issue¶
I would like to understand the security implications of Cross Site Scripting (XSS)?
Resolution¶
We've talked about Cross Site Scripting (XSS) before, and for good reason; it's a risk far too many websites are vulnerable to. The basic threat of XSS to your website's security is that it runs in the context of the trusted relationship between your browser and a website.
XSS cookie theft¶
Another example of an XSS exploit is using XSS to steal administrative access to a website:
- An attacker enters JavaScript that steals the visitor's browser cookie.
- An administrator unknowingly executes this JavaScript.
- The administrator's browser sends the cookie to the attacker's website.
- The attacker uses the stolen cookie to use the administrator's access on the website.
Mitigation¶
XSS vulnerabilities are extremely common in web applications, so you should audit your configuration and custom code for adherence to Drupal best practices.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.