【Stored XSS】Definition, Examples, And Prevention
Apr 7, 2022
8 min read
In this article:
Stored Cross-Site Scripting Explained
In a Stored XSS attack, the vulnerable web application receives user-supplied input from untrusted sources and stores it. This malicious content also gets included in the later HTTP responses sent by the server. To perform a Stored XSS attack, hackers only need to identify a security vulnerability within the backend application that allows for the execution of malicious requests. This makes it more exploitable as there is no need for hackers to craft external methods for supplying untrusted inputs to the target application server.
Stored XSS, also known as Type-1 or Persistent XSS attacks, typically rely on unsanitized user input points for scripts permanently stored on the target servers. Since these attacks allow malicious users to control how the browser executes a script, they can typically facilitate a complete user account takeover. The impact of a successful attack ranges from mild to a full-blown