Statements (30)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Web_security_vulnerability |
| gptkbp:affects | Web applications |
| gptkbp:alsoKnownAs | gptkb:Persistent_XSS |
| gptkbp:cause | Phishing; Credential theft; Defacement; Session hijacking; Browser exploitation; Malicious redirection |
| gptkbp:detects | Security testing tools; Automated scanners; Manual code review |
| gptkbp:distinctFrom | gptkb:DOM-based_XSS; gptkb:Reflected_XSS |
| gptkbp:example | Malicious comment stored in database; Malicious post in forum; Script in user profile field |
| gptkbp:exploits | User input handling |
| gptkbp:firstDescribed | Early 2000s |
| gptkbp:impact | High |
| gptkbp:partOf | gptkb:OWASP_Top_10 |
| gptkbp:prevention | gptkb:Content_Security_Policy; Input validation; Output encoding; Sanitization |
| gptkbp:requires | Server to store malicious script |
| gptkbp:target | End users |
| gptkbp:bfsParent | gptkb:XSS_(Cross-site_scripting) |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | Stored XSS |