Stored XSS

GPTKB entity

Statements (30)
Predicate Object
gptkbp:instanceOf Web security vulnerability
gptkbp:affects Web applications
gptkbp:alsoKnownAs gptkb:Persistent_XSS
gptkbp:cause Phishing
gptkbp:cause Credential theft
gptkbp:cause Defacement
gptkbp:cause Session hijacking
gptkbp:cause Browser exploitation
gptkbp:cause Malicious redirection
gptkbp:detects Security testing tools
gptkbp:detects Automated scanners
gptkbp:detects Manual code review
gptkbp:distinctFrom gptkb:DOM-based_XSS
gptkbp:distinctFrom gptkb:Reflected_XSS
gptkbp:example Malicious comment stored in database
gptkbp:example Malicious post in forum
gptkbp:example Script in user profile field
gptkbp:exploits User input handling
gptkbp:firstDescribed Early 2000s
https://www.w3.org/2000/01/rdf-schema#label Stored XSS
gptkbp:impact High
gptkbp:partOf gptkb:OWASP_Top_10
gptkbp:prevention gptkb:Content_Security_Policy
gptkbp:prevention Input validation
gptkbp:prevention Output encoding
gptkbp:prevention Sanitization
gptkbp:requires Server to store malicious script
gptkbp:target End users
gptkbp:bfsParent gptkb:Cross-site_Scripting
gptkbp:bfsLayer 5