Skip to content

Stored Client XSS

Stored client XSS refers to an XSS attack where an attacker stores a payload on a website, and then this payload is retrieved by the victim's machine and executed in JavaScript on the client-side.

It is like stored server XSS but payload is not in DOM, payload located in JS functions and will have been added in DOM by JS code. Example: When we send payload server return our payload in the response and then JS inserts this payload in DOM using method "append" like this: 

$(#data).append(payload);

Payload example 

<script>alert();</script>

References

  1. web200.Cross-Site Scripting Introduction and Discovery.Stored Client XSS