Cross-Site History Manipulation (XSHM)
Cross-Site History Manipulation (XSHM) is a type of security vulnerability that can occur on websites.
When you browse the internet, your web browser keeps track of the websites you visit in a feature called “history.” This history can be accessed by clicking the back and forward buttons in your browser, or by typing a website name into your browser’s address bar.
XSHM happens when a malicious website tricks your browser into adding an entry to your browsing history. This entry can then be used to manipulate your future browsing behavior. For example, a malicious website could add a fake banking website to your browsing history. The next time you try to visit your real banking website, your browser might redirect you to the fake one instead.
XSHM can happen when websites use the browser’s history functionality in unintended ways. To avoid XSHM, website developers should be careful to only use the history functionality in ways that don’t allow malicious manipulation.
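One way to apply this advice, as an added example that is not part of the original page: a "back" control that validates a return path kept in the history entry's state before navigating, instead of trusting the stored value or calling history.back() blindly. The origin, the allow-list, the `returnTo` field and the function names are assumptions made for illustration.

```javascript
// Added example: APP_ORIGIN, ALLOWED_PATHS, the returnTo field and the
// function names are hypothetical and constructed for illustration.
const APP_ORIGIN = "https://bank.example";
const ALLOWED_PATHS = new Set(["/", "/accounts", "/transfers", "/settings"]);
const FALLBACK = "/";

// Return a same-origin, allow-listed path (plus query), or the fallback.
function safeReturnTarget(candidate) {
  if (typeof candidate !== "string" || candidate === "") return FALLBACK;
  let url;
  try {
    // Resolve the way a browser would, so "//host" and "\\host" forms
    // are recognised as the cross-origin URLs they really are.
    url = new URL(candidate, APP_ORIGIN);
  } catch (err) {
    return FALLBACK;
  }
  if (url.origin !== APP_ORIGIN) return FALLBACK;        // other site or scheme
  if (!ALLOWED_PATHS.has(url.pathname)) return FALLBACK; // unknown route
  return url.pathname + url.search;
}

// Read the return path out of a history entry's state object defensively:
// the state may be null, a primitive, or an object of unexpected shape.
function targetFromHistoryState(state) {
  if (state === null || typeof state !== "object") return FALLBACK;
  return safeReturnTarget(state.returnTo);
}

// Browser wiring for a "back" button; defined only where a window exists.
if (typeof window !== "undefined") {
  window.goBackSafely = function goBackSafely() {
    // Navigate to the validated path, never to the raw stored value.
    window.location.assign(targetFromHistoryState(window.history.state));
  };
}
```
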