Cross-site scripting (XSS) vulnerabilities have long been a favorite target of threat actors. In fact, XSS risks topped the Common Weakness Enumeration's list of the 25 Most Dangerous Software Weaknesses in 2020. XSS attacks affect all industries; recent research found a cross-site scripting bug in Froala, a What-You-See-Is-What-You-Get (WYSISYG) website editing platform used by roughly 30,000 web domains.
In a new Help Net Security article, WatchGuard Senior Security Analyst Marc Laliberte outlines why XSS attacks are still a critical issue in 2021 and offers expert tips on how to avoid such threats. Here’s a brief excerpt:
“The rapid increase in the remote workforce brings with it many new security challenges, but XSS risks haven’t changed dramatically as a result. Though XSS vulnerabilities directly impact the visitor of a web application, they reside in the web application (the website) itself. That said, as organizations had to quickly shift to enabling remote work, many chose to expose previously internal web applications to the internet or sign up for new Cloud services.
Adversaries took note of this increase in attack surface. We’ve tracked a steady increase in network attacks like XSS exploits targeting web apps and other exposed resources since the start of the pandemic in our Q4 2020 Internet Security Report, and the gradual reopening of offices hasn’t stopped that growth.”