How can XSS be avoided in HTML downloads? Ask Question upload files. These files can be any format, including HTML pages. We have tested than in IE8, if you download an HTML file that contains some script that tries to access your cookies and, after downloading, you choose the "Open" option, the script executes and gets your cookie About XSS Files. Our goal is to help you understand what a file with a *.xss suffix is and how to open it. The XML Style Sheet file type, file format description, and Windows and Linux programs listed on this page have been individually researched and verified by the FileInfo team.We strive for 100% accuracy and only publish information about file formats that we have tested and validated. XSS and MySQL FILE. This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it. XSS file format description. Many people share .xss files without attaching instructions on how to use it. Yet it isn’t evident for everyone which program a .xss file can be edited, converted or printed with. On this page, we try to provide assistance for handling .xss files. This script is possibly vulnerable to XSS (Cross-site scripting). The web application allows file upload and Acunetix was able to upload a file containing HTML content. When HTML files are allowed, XSS payload can be injected in the file uploaded. Check Attack details for more information about this attack. According to wikipedia.org Cross Site Scripting (XSS) is : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users.