Name Stored XSS
Summary This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly "stored" within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim's browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (<img>), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.
Prerequisites An application that leverages a client-side web browser with scripting enabled. An application that fails to adequately sanitize or encode untrusted input. An application that stores information provided by the user in data storage of some kind.
Solutions Use browser technologies that do not allow client-side scripting. Utilize strict type, character, and encoding enforcement. Ensure that all user-supplied input is validated before being stored.
Related Weaknesses
CWE ID Description
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Back to Top