Detection of XSS vulnerabilities in OJS

• Autorzy: Buchyk Serhii , Ziubina Ruslana , Yuzhakova Tetiana , Shabanova Anastasiia

Identyfikatory

DOI

10.24425/ijet.2025.153548

• Języki publikacji: EN

Abstrakty

EN

This article analyzes XSS vulnerabilities in OJS (Open Journal Systems) and develops a model for protecting against these attacks. It discusses different types of XSS attacks, vulnerabilities in OJS, methods of detecting them, and potential consequences for system security. The article describes a specific vulnerability that can be exploited to inject malicious code through user input of specially generated data. Based on the analysis, a protection model is developed, which includes the introduction of restrictions for vulnerable fields, encoding, and filtering of data before displaying it on the page. This article is essential for OJS administrators and developers to ensure high security and protection against potential XSS attacks.

Słowa kluczowe

EN

OJS; Open Journal System; vulnerabilities; XSS; website; web applications; XSS attacks; detection of vulnerabilities

• Wydawca: Polish Academy of Sciences, Committee of Electronics and Telecommunication
• Czasopismo: International Journal of Electronics and Telecommunications
• Rocznik: 2025
• Tom: Vol. 71, No. 1
• Strony: 101--106
• Opis fizyczny: Bibliogr., 11 poz., rys.

Twórcy

autor

Buchyk Serhii

• Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

autor

Ziubina Ruslana

• University of Bielsko-Biala, Bielsko-Biala, Poland

autor

Yuzhakova Tetiana

• Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

autor

Shabanova Anastasiia

• Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

Bibliografia

• [1] A survey of detection methods for XSS attacks. [Online]. Available: https://www.sciencedirect.com/science/article/abs/pii/S1084804518302042
• [2] 35+ Cross-Site Scripting Statistics That Will Baffle You. [Online]. Available: https://securityescape.com/cross-site-scripting-statistics/
• [3] B. Gogoi, T. Ahmed, and H. K. Saikia, "Detection of XSS Attacks in Web Applications: A Machine Learning Approach." [Online]. Available: https://www.ijircst.org/DOC/1-detection-of-xss-attacks-in-web-applications-a-machine-learning-approach.pdf
• [4] What is XSS Hunter? [Online]. Available: https://www.hispa.eu/features
• [5] Testing for Reflected Cross Site Scripting. [Online]. Available: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting
• [6] C. R. Pardomuan, A. Kurniawan, M. Y. Darus, M. A. M. Ariffin, and Y. Muliono, "Server-Side Cross-Site Scripting Detection Powered by HTML Semantic Parsing Inspired by XSS Auditor." [Online]. Available: http://www.pertanika.upm.edu.my/resources/files/Pertanika%20PAPERS/JST%20Vol.%2031%20(3)%20Apr.%202023/14%20JST-3458-2022.pdf
• [7] HTTP Security Response Headers Cheat Sheet. [Online]. Available: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
• [8] The HttpOnly Flag – Protecting Cookies against XSS. [Online]. Available: https://www.acunetix.com/blog/web-security-zone/httponly-flag-protecting-cookies/
• [9] DOM Based Cross Site Scripting or XSS of the Third Kind. [Online]. Available: http://www.webappsec.org/projects/articles/071105.shtml
• [10] S. Buchyk, D. Shutenko, and S. Toliupa, "Phishing Attacks Detection," in IX International Scientific Conference “Information Technology and Implementation" (IT&I-2022), Workshop Proceedings, Kyiv, Ukraine, Nov. 30 - Dec. 02, 2022, pp. 193–201.
• [11] S. Toliupa, S. Buchyk, A. Shabanova, and O. Buchyk, "The Method for Determining the Degree of Suspiciousness of a Phishing URL," in X International Scientific Conference "Information Technology and Implementation" (IT&I-2023), Workshop Proceedings (IT&I-WS 2023), Kyiv, Ukraine, Nov. 20-21, 2023, pp. 239-247.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa nr POPUL/SP/0154/2024/02 w ramach programu "Społeczna odpowiedzialność nauki II" - moduł: Popularyzacja nauki (2025).