User:Sohom Datta/Universal cross-site scripting

In internet security, universal cross-site scripting(also known as UXSS, or Universal XSS) is a type of cross-site scripting attack that relies on vulnerabilities in the browser, browser extensions and associated browser plugins to execute code on multiple websites ^{[1][2][3][4][5][6]}

Background

History

Mechanism

Defences

References

1. Kim, Sunwoo; Kim, Young Min; Hur, Jaewon; Song, Suhwan; Lee, Gwangmu; Lee, Byoungyoung (2022). {FuzzOrigin}: Detecting {UXSS} vulnerabilities in Browsers through Origin Fuzzing. pp. 1008–1023. ISBN 978-1-939133-31-1.
2. "Analysis of UXSS exploits and mitigations in Chromium". research.google. Retrieved 2024-01-10.
3. Fass, Aurore; Somé, Dolière Francis; Backes, Michael; Stock, Ben (2021-11-13). "DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale". Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. CCS '21. New York, NY, USA: Association for Computing Machinery. pp. 1789–1804. doi:10.1145/3460120.3484745. ISBN 978-1-4503-8454-4. S2CID 243732258.
4. Reis, Charles; Moshchuk, Alexander; Oskov, Nasko (2019). Site Isolation: Process Separation for Web Sites within the Browser. pp. 1661–1678. ISBN 978-1-939133-06-9.
5. Kim, Young Min; Lee, Byoungyoung (2023). Extending a Hand to Attackers: Browser Privilege Escalation Attacks via Extensions. pp. 7055–7071. ISBN 978-1-939133-37-3.
6. Song, Wei; Huang, Qingqing; Huang, Jeff (2020). "Understanding JavaScript Vulnerabilities in Large Real-World Android Applications". IEEE Transactions on Dependable and Secure Computing. 17 (5): 1063–1078. doi:10.1109/TDSC.2018.2845851. Retrieved 2024-01-10.