Skip to content

Stored Server XSS

Stored server XSS refers to a type of cross-site scripting (XSS) where an attacker sends a payload to the server, which is then stored by the server. An attacker does not need to send anything via chat, email, etc. in stored server XSS. Example: sending an injection to comments in a blog site. Note: Sometimes developers check inputs only in JS and don't check on backend.

References

  1. web200.Cross-Site Scripting Introduction and Discovery.Stored Server XSS