

<strong>Paper Title</strong><br>

Watering Hole Attack and its Relationship with the Cross-Site Scripting Vulnerability<br>

<br>


<strong>Abstract</strong><br>

Watering hole attacks (WHA) possess a serious threat to individuals, organisations and data integrity. The aim of such an attack is to strategically compromise a highly secure website or application with frequent visitors and keep silent track of the network data passing through it. Most of such attacks have been aimed against, federal governments around the world and other public organisations. The main aim of attackers during a WHA is to find a vulnerability in the system and exploit it by injecting a malicious payload or malware pushing it to the user from a secure site. Cross-Site Scripting (XSS) is one such vulnerability that can cause a website to allow such kinds of attacks. In this paper, we will thus discuss how XSS could be used to create a waterhole in websites, and how various kinds of XSS vulnerabilities have the potential of leading to WHA.

Keywords - Water Holing Attack (WHA), Cross-Site Scripting (XSS), Social Engineering attack.