Beware of Cross-Site Scripting!

August 14, 2012 in Cyber Attacks

The popularity of blogging software, with all its vulnerabilities, has spawned thousands of malicious cross-site scripting attacks. With each technological advance, new targets are created for the unscrupulous hacker.

Who Has Been Targeted With Cross-Site Scripting?

Hackers have not neglected immense commercial sites. Facebook, PayPal, Hotmail, Gmail and Twitter have all had issues with cross-site scripting. Often referred to as XSS, cross-site scripting is a major threat to blogs. Owners of blogs should be aware of the dangers, and what actions must be taken to prevent a cross-site scripting attack on their site.

Blog Vulnerabilities and XSS

Most cross-site scripting vulnerabilities occur in server-side code, while DOM-based (document object model) XSS is a method hackers use to exploit vulnerabilities in client-side code. Running antivirus software or spyware blockers provides some protection, but not nearly enough to prevent attacks from outside.
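To show what the server-side case looks like on a blog, here is an added example (not code from SiteLock or from any blogging package) that renders a visitor comment first without and then with output encoding. The function names, the comment fields and the sample comment are assumptions made for the illustration.

```javascript
// Added example: output encoding for a blog comment (all names are hypothetical).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) links for the commenter's website; anything else becomes "#".
function safeHref(raw) {
  try {
    const url = new URL(String(raw).trim());
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch {
    return '#'; // not an absolute URL
  }
}

// Vulnerable: comment fields are concatenated into the markup as-is,
// so the browser treats anything the visitor typed as part of the page.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.site}">${c.author}</a><p>${c.body}</p></div>`;
}

// Hardened: every field is validated and encoded for the place it lands in.
function renderCommentSafe(c) {
  return `<div class="comment"><a href="${escapeHtml(safeHref(c.site))}">` +
         `${escapeHtml(c.author)}</a><p>${escapeHtml(c.body)}</p></div>`;
}

// Constructed sample input: a comment carrying markup and a script-scheme link.
const sample = {
  author: 'Mallory "M"',
  site: 'javascript:alert(1)',
  body: '<script>alert(1)</script>',
};

console.log('unsafe:', renderCommentUnsafe(sample));
console.log('safe:  ', renderCommentSafe(sample));
```

For the DOM-based case the same rule applies in the browser: assign untrusted text with textContent rather than innerHTML.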

Possible Results of Cross-Site Scripting Attacks

These are just a few of the many consequences of a cross-site scripting attack:

  • Website downtime
  • Theft of user accounts
  • Theft of credit card numbers and passwords
  • Theft of session cookies
  • Theft of users’ files
  • Manipulation of files
  • Loss of confidence in the business
  • Creation of fake log-in pages
  • Fake posts redirecting to malicious pages
  • Installation of malware in users’ computers

It only takes a single XSS vulnerability to create havoc for a business. Since it is estimated that over 80% of websites have one or more cross-site scripting vulnerabilities, hackers are never unemployed.

Does Your Website Have Cross-Site Scripting Vulnerabilities?

The chance that your website has exploitable vulnerabilities is very high. Every business, large or small, has a responsibility to its customers to provide a safe platform for their personal data.

Luckily, there is an affordable way to secure your site, and your customers, against these malicious attacks. SiteLock can clean your site and harden up your system. The cleaning removes existing malware, exposes and corrects vulnerabilities, and closes those back doors that hackers so easily exploit. Hardening is defined as removing security risks, along with the removal of all non-essential utilities and software. This is a critical service for blogs and other sites with content management systems.


Don’t wait until your site is decimated by a cross-site scripting attack. Be proactive and talk to SiteLock about an affordable security program for your blog, including a web application firewall and malware scanning services.

It’s always best to prevent disaster, but if your site has already been attacked, SiteLock can examine the issues, evaluate the damage, resolve the problems, and restore your site. Call us today at 855.378.6200.
