Home

Crosssite

Crosssite is a term used in web security to describe phenomena that occur when data, behavior, or requests cross from one site or domain to another. It is used to describe issues arising from interactions across sites, including how browsers enforce security boundaries like the same-origin policy and how attackers can exploit trust relationships between sites. The term is most often encountered in discussions of vulnerabilities such as cross-site scripting and cross-site request forgery.

Cross-site scripting (XSS) is a class of vulnerabilities that allow an attacker to inject and execute malicious

Cross-site request forgery (CSRF) is a different class, where an attacker entices a user to perform an

Mitigation of crosssite risks involves defense in depth: input validation and output encoding, the use of a

See also: cross-site scripting, content security policy, same-origin policy, cross-site request forgery.

scripts
in
the
context
of
a
trusted
website.
The
exploit
can
run
in
the
victim’s
browser
and
access
data
such
as
cookies
or
local
storage.
XSS
is
commonly
categorized
as
stored,
reflected,
or
DOM-based,
depending
on
where
the
payload
resides
and
how
it
is
triggered.
action
on
a
web
application
in
which
they
are
authenticated.
The
site
treats
the
request
as
legitimate
because
the
user’s
browser
presents
valid
credentials.
Defenses
include
anti-CSRF
tokens,
SameSite
cookies,
and
requiring
explicit
user
actions
for
state-changing
operations.
content
security
policy
(CSP)
to
restrict
script
execution,
proper
handling
of
authentication,
session
management,
and
secure
cookie
flags.
Web
frameworks
often
provide
built-in
protections
and
developers
should
follow
security
best
practices.