Cross-site scripting is a potentially dangerous security exposure that should be considered when designing a secure Web-based application
Coss-site scripting poses server application risks that include, but are not limited to, the following:
- Users can unknowingly execute malicious scripts when viewing dynamically generated pages based on content provided by an attacker.
- An attacker can take over the user session before the user's session cookie expires.
- An attacker can connect users to a malicious server of the attacker's choice.
- An attacker who can convince a user to access a URL supplied by the attacker could cause script or HTML of the attacker's choice to be executed in the user's browser.
- Using this technique, an attacker can take actions with the privileges of the user who accessed the URL, such as issuing queries on the underlying SQL databases and viewing the results and to exploit the known faulty implementations on the target system.
To know more about Cross site scripting visit following URL
http://www.cgisecurity.com/articles/xss-faq.shtml
Microsoft has realeased a anti-cross site scripting Library which can be used to provide comprehensive protection to Web-based applications against Cross-Site Scripting (XSS) attacks.
It can be downloaded from following link
http://www.microsoft.com/downloads/details.aspx?FamilyID=9A2B9C92-7AD9-496C-9A89-AF08DE2E5982&displaylang=en