Statements (30)
Predicate | Object |
---|---|
gptkbp:instanceOf | Web security vulnerability |
gptkbp:affects | Web applications |
gptkbp:alsoKnownAs | gptkb:Persistent_XSS |
gptkbp:cause | Phishing; Credential theft; Defacement; Session hijacking; Browser exploitation; Malicious redirection |
gptkbp:detects | Security testing tools; Automated scanners; Manual code review |
gptkbp:distinctFrom | gptkb:DOM-based_XSS; gptkb:Reflected_XSS |
gptkbp:example | Malicious comment stored in database; Malicious post in forum; Script in user profile field |
gptkbp:exploits | User input handling |
gptkbp:firstDescribed | Early 2000s |
https://www.w3.org/2000/01/rdf-schema#label | Stored XSS |
gptkbp:impact | High |
gptkbp:partOf | gptkb:OWASP_Top_10 |
gptkbp:prevention | gptkb:Content_Security_Policy; Input validation; Output encoding; Sanitization |
gptkbp:requires | Server to store malicious script |
gptkbp:target | End users |
gptkbp:bfsParent | gptkb:Cross-site_Scripting |
gptkbp:bfsLayer | 5 |