What Is Stored XSS and how to prevent it

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

【Stored XSS】Definition, Examples, And Prevention

Apr 7, 2022

8 min read

Ivona Simic

In this article:

A cross-site scripting (XSS) attack is when the attacker compromises how users interact with a web application by injecting malicious code. This code manipulates the webserver to respond to user requests with corrupted JavaScript. There are three primary kinds of XSS attacks: Reflected XSS, Stored XSS, and DOM-Based Cross-Site Scripting attacks. This post discusses Stored XSS attacks and how to prevent them.

Stored Cross-Site Scripting Explained

In a Stored XSS attack, the vulnerable web application receives user-supplied input from untrusted sources and stores it. This malicious content also gets included in the later HTTP responses sent by the server. To perform a Stored XSS attack, hackers only need to identify a security vulnerability within the backend application that allows for the execution of malicious requests. This makes it more exploitable as there is no need for hackers to craft external methods for supplying untrusted inputs to the target application server.

Stored XSS, also known as Type-1 or Persistent XSS attacks, typically rely on unsanitized user input points for scripts permanently stored on the target servers. Since these attacks allow malicious users to control how the browser executes a script, they can typically facilitate a complete user account takeover. The impact of a successful attack ranges from mild to a full-blown

Read more

Explore the site

More from the blog

Latest News