{"id":21996,"date":"2024-01-29T10:17:56","date_gmt":"2024-01-29T08:17:56","guid":{"rendered":"https:\/\/wpbeveiligen.nl\/?p=21996"},"modified":"2023-07-27T10:19:09","modified_gmt":"2023-07-27T08:19:09","slug":"wat-is-xss-alles-over-cross-site-scripting-2","status":"publish","type":"post","link":"https:\/\/wpbeveiligen.nl\/en\/wat-is-xss-alles-over-cross-site-scripting-2\/","title":{"rendered":"Wat is XSS? Alles over: Cross Site Scripting"},"content":{"rendered":"<p><strong>Cross Site Scripting (XSS) becomes possible when forms are not properly closed or do not filter the information you can enter.<\/strong><\/p>\n<p>The term &#8220;XSS&#8221; stands for Cross Site Scripting, and it was adapted because &#8220;CSS&#8221; (Cascading Style Sheets) already existed.<\/p>\n<h2>How does Cross Site Scripting work?<\/h2>\n<p>When a form does not use &#8220;htmlspecialchars,&#8221; and all characters entered in an input field can be fully processed, it gives the opportunity to execute PHP on the website\/server.<\/p>\n<p>Through XSS, you can issue commands to the server. Consider what you can do with that capability\u2014modifying, saving, executing files, and other tasks that are typically limited to website administrators.<\/p>\n<h2>What are the disadvantages if someone successfully executes Cross Site Scripting on your website?<\/h2>\n<ol>\n<li>Your website&#8217;s appearance can be modified.<\/li>\n<li>Pages that were meant to be private or for paid users only may become visible.<\/li>\n<li>Information from you and your visitors can be stolen (e.g., information in cookies).<\/li>\n<li>Phishing code can be added to your site, resulting in a quick Google ban.<\/li>\n<li>Trojans can be offered to visitors&#8217; computers without your knowledge.<\/li>\n<li>Keystrokes on the keyboard can be logged (e.g., what you type when logging into your bank&#8217;s website).<\/li>\n<li>Your browser can crash due to a forced error overload.<\/li>\n<li>And more&#8230;<\/li>\n<\/ol>\n<h2>Beyond website modifications, XSS also impacts your browser\/computer<\/h2>\n<p>&#8211; Through the browser, the webcam can be activated, and a recording started.<br \/>\n&#8211; Listening through the microphone is possible.<br \/>\n&#8211; Files can be saved.<br \/>\nAnd so on&#8230;<\/p>\n<h2>I&#8217;ve never encountered XSS as a visitor to websites&#8230; have I?<\/h2>\n<p>Have you seen the popup: &#8220;Do you want to leave this page?&#8221; In many cases, you can click [x] to close it. However, if you cannot close it and you find yourself on a website that isn&#8217;t very trustworthy, assume that there are pieces of code under the &#8220;leave page&#8221; and &#8220;go back&#8221; buttons that you&#8217;d rather not execute on your PC.<\/p>\n<p>In such cases, it&#8217;s best to close the browser completely! (Use Task Manager in Windows to end the browser process)<\/p>\n<h2>How do I prevent XSS issues on my WordPress website?<\/h2>\n<p>You can check the <a href=\"https:\/\/wpvulndb.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">WPscan database<\/a> to see if any of your plugins have vulnerabilities.<br \/>\nKeeping WordPress up-to-date is essential, especially if it&#8217;s not properly secured. WordPress sometimes updates twice a month when Cross Site Scripting vulnerabilities are found!<\/p>\n<p>The best practice is to ensure that your <a href=\"\/handleiding-beveilig-je-wordpress-website-goed-met-de-gratis-ithemes-security-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress website is secured<\/a>. When your website is secure and a hacker or script cannot easily place or modify files, you prevent a significant portion of potential issues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cross Site Scripting (XSS) becomes possible when forms are not properly closed or do not filter the information you can enter. The term &#8220;XSS&#8221; stands for Cross Site Scripting, and it was adapted because &#8220;CSS&#8221; (Cascading Style Sheets) already existed. How does Cross Site Scripting work? When a form does not use &#8220;htmlspecialchars,&#8221; and all [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":661,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[186,167],"tags":[],"_links":{"self":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/21996"}],"collection":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/comments?post=21996"}],"version-history":[{"count":1,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/21996\/revisions"}],"predecessor-version":[{"id":23105,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/21996\/revisions\/23105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media\/661"}],"wp:attachment":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media?parent=21996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/categories?post=21996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/tags?post=21996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}