Stored XSS

The application or API stores unsanitized user input.

  • Injected by an attacker.

The input is viewed later by another user or an administrator, and the payload is executed.

Stored XSS is considered a high risk as actions may be executed with administrator permissions.

  • When the site admin accesses the webpage.
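
The flow described above, as an added example that is not part of the original page: input is stored unchanged, then rendered for a later viewer, first as-is and then with output encoding. The in-memory comment store, the function names and the sample comments are assumptions constructed for illustration.

```javascript
// Added example: in-memory stand-in for the application's database (hypothetical).
const comments = [];

// Storage step: the input is saved exactly as submitted, with no sanitization.
function saveComment(author, body) {
  comments.push({ author, body });
}

// Vulnerable rendering: stored text is concatenated into HTML as-is, so any
// markup inside it becomes part of the page that every later viewer receives.
function renderUnsafe() {
  return comments
    .map(c => `<li><b>${c.author}</b>: ${c.body}</li>`)
    .join("\n");
}

// HTML-encode the characters that can break out of a text or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened rendering: every stored field is encoded at output time, so the
// browser displays the stored text instead of interpreting it as markup.
function renderSafe() {
  return comments
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Constructed sample data: one ordinary comment and one containing markup.
saveComment("alice", "Nice post & thanks!");
saveComment("mallory", "<script>alert(1)</script>");

console.log("Unsafe page:\n" + renderUnsafe());
console.log("Safe page:\n" + renderSafe());
```

Encoding at output time protects every viewer, including the administrator, even when the stored record already contains markup.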
