Cross-Site Scripting Hacks in Web Applications
For example, an XSS attack can display a user ID and password login page that comes from another, rogue website. If users unknowingly enter their user IDs and passwords in that login page, the user IDs and passwords are recorded in the hacker’s web server log file.
Other malicious code can be sent to a victim’s computer and run with the same security privileges as the web browser or e-mail application that’s viewing it on the system. The malicious code could provide a hacker with full read/write access to browser cookies and browser history files, or even permit the download and installation of malware.
If a window pops up that reads XSS, the application is vulnerable.
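Why that pop-up appears, and what removes it, as an added example that is not part of the original article: a hypothetical search page that reflects its query into HTML, first unencoded and then encoded, with the reflection check a tester or scanner performs. All function names and the constructed probe string are assumptions made for illustration.

```javascript
// Added example: renderSearchUnsafe, renderSearchSafe, audit and PROBE are
// hypothetical names, not code from the article or from any scanner.

// Constructed probe: a harmless test string whose pop-up would read "XSS".
const PROBE = "<script>alert('XSS')</script>";

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user input is concatenated into the page as markup, so the
// browser parses the probe as a real <script> element.
function renderSearchUnsafe(query) {
  return `<html><body><p>Results for: ${query}</p></body></html>`;
}

// Hardened: the same page, with the input encoded for the HTML context,
// so the browser displays the probe as text instead of running it.
function renderSearchSafe(query) {
  return `<html><body><p>Results for: ${escapeHtml(query)}</p></body></html>`;
}

// The check behind the pop-up test: did the probe come back verbatim?
function reflectsUnescaped(html, probe) {
  return html.includes(probe);
}

// Send the probe through a page renderer and classify the response.
function audit(render) {
  const html = render(PROBE);
  return reflectsUnescaped(html, PROBE) ? "vulnerable" : "encoded";
}

console.log("unsafe page:", audit(renderSearchUnsafe));
console.log("safe page:  ", audit(renderSearchSafe));
console.log(renderSearchSafe(PROBE));
```

The encoding shown covers HTML element content and quoted attribute values only; input placed inside a script block, a URL, or CSS needs encoding specific to that context.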
Another web vulnerability scanner that’s very good at uncovering XSS that many other scanners won’t find is NTOSpider from NT Objectives. NTOSpider works better than other scanners at performing authenticated scans against applications that use multi-factor authentication systems. NTOSpider should definitely be on your radar as a potential primary or secondary scanner. Remember: When it comes to web vulnerabilities, the more scanners the better!