Instant Messaging and Cross Site Scripting (XSS)

Seminar paper from the year 2011 in the subject Computer Science - IT-Security, Ruhr-University of Bochum (Netz und Datensicherheit), course: IT Sicherheit, language: English, abstract: Cross-Site Scripting is a wide-spread kind of attack. It has been reported and exploited since the 1990s and became more and more important in the era of Web 2.0. Roughly 80 percent of all security vulnerabilities are Cross-Site Scripting [Syman2007]. But Cross-Site Scripting has always been a web application security hole so far and everyone focused on secure programming of web applications. In addition to this, there are many more possibilities of data exchange like instant messaging. Instant messaging clients were developed further and are now able to interpret HTML. This new potential of security holes is the emphasis of this work. The focus is on the question: Is it possible to execute JavaScript in file system context?