Cross Site Script Inclusion
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Anti-CSRF
Invented In:
05/05/2011
Added In:
12/12/2014
Vector Operation Method:
Malicious websites can gain access to user specific content embedded into dynamically generated javascript files hosted on other servers, by referencing these files in script tags presented to the user in the malicious website.
