[Owasp-leaders] A great story

Achim achim at owasp.org
Fri Feb 1 22:48:59 UTC 2013


I was not refering to the academic correct definition, which does not exist, IIRC
but to the common use of the acronym XSS.

Hope this helps to clarify ...
Achim

Am 01.02.2013 23:39, schrieb Konstantinos Papapanagiotou:
> That's actually the result (or impact) of the attack. Code injection that takes advantage of an XSS vulnerability is the attack vector.
> 
> Kostas
> 
> 
> On 2 Φεβ 2013, at 0:33, Jim Manico <jim.manico at owasp.org> wrote:
> 
>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>
>> An attack would be something like "Site Defacement using XSS".
>>
>> Aloha,
>> Jim
>>
>>> Roughly. XSS is used as
>>> xss = weakness, vulnerability, attack (and some more)


More information about the OWASP-Leaders mailing list