stored_xss.md

File metadata and controls

35 lines (23 loc) · 1.48 KB
---
layout: default
title: Stored XSS
score: Medium to Critical
---

Related Session

<iframe id="ytplayer" type="text/html" width="640" height="360" src="https://www.youtube-nocookie.com/embed/HGaFCcWM57U?rel=0&autoplay=0&origin={{ site.url }}" frameborder="0"></iframe>

Description

Stored XSS (Cross-Site Scripting) occurs when user-controlled input is persisted by the application (in a database, a file, or another store) and later rendered into a page for other users without proper output encoding for the context it lands in.

Security Impact

With Stored XSS, an attacker can place a payload into a page once, after which every user who visits that page executes the attacker's JavaScript in their own browser session. This lets the attacker perform any action the victim can perform in the application, read page content and other data the victim's session can reach, exfiltrate it, and more. Because the payload persists and requires no interaction beyond viewing the page, stored XSS is generally rated higher than reflected XSS.

Remediation

User input should always be encoded for its output context immediately before it is written into the page. If the input is being inserted into a script block, it must be placed in a JavaScript string literal and string-escaped (JSON-style escaping of quotes and backslashes), and the characters < and > must not appear literally in the output (escape them as \u003c and \u003e), so that a stored value containing </script> cannot terminate the block. If the input is going anywhere else on the page, it must be HTML entity encoded (at least &, <, >, " and '), and when used as an attribute value it must also sit inside a quoted attribute.

It is critical that this be done for every piece of data retrieved from storage, even data that should be safe under normal circumstances (for example, values written only by administrators or validated on input). Encoding on output guarantees that XSS does not appear later if a bug, an import, or a direct edit of the store allows that supposedly safe data to be manipulated.
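As an added example (not code from the original page), the following Node.js snippet shows the two encodings the remediation describes. It renders a constructed set of stored comments once by plain string concatenation and once with context-appropriate encoding; the comment records, the function names and the sample payloads are assumptions made for illustration, standing in for rows returned from a database.

```javascript
// Added example, not part of the original page. The `storedComments` array is
// constructed to stand in for rows read back from a database.

// Entity-encode a value for HTML body and quoted-attribute contexts.
// Covers the five characters that can change HTML structure: & < > " '.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Turn a value into a JavaScript string literal safe to embed inside a
// <script> block. JSON.stringify handles quotes and backslashes; the extra
// replacements escape < > & (so "</script>" or "<!--" in the data cannot end
// the block) and the U+2028/U+2029 line terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable rendering: stored fields concatenated straight into the markup
// and into an inline script. Kept deliberately broken for comparison.
function renderCommentUnsafe(comment) {
  return `<div class="comment" data-author="${comment.author}">${comment.body}</div>\n` +
         `<script>var lastComment = "${comment.body}";</script>`;
}

// Hardened rendering: every stored field is encoded for the context it lands
// in, including the "trusted" author field, as the remediation text advises.
function renderCommentSafe(comment) {
  return `<div class="comment" data-author="${htmlEncode(comment.author)}">${htmlEncode(comment.body)}</div>\n` +
         `<script>var lastComment = ${jsStringLiteral(comment.body)};</script>`;
}

// Render a whole list the safe way; what a page handler would return.
function renderAllSafe(comments) {
  return comments.map(renderCommentSafe).join('\n');
}

// Constructed sample data: a benign comment plus two payloads an attacker
// could have submitted through the comment form and had stored verbatim.
const storedComments = [
  { author: 'alice', body: 'Nice post!' },
  { author: 'mallory" onmouseover="alert(1)', body: '<img src=x onerror="alert(document.cookie)">' },
  { author: 'mallory', body: '</script><script>alert(1)</script>' },
];

// Count real <script> opening tags in rendered output; the safe renderer
// should leave exactly one per comment (its own), the unsafe one leaks more.
function countScriptTags(html) {
  return (html.match(/<script>/g) || []).length;
}

console.log('--- unsafe ---');
console.log(storedComments.map(renderCommentUnsafe).join('\n'));
console.log('--- safe ---');
console.log(renderAllSafe(storedComments));
```

Running it shows the unsafe output carrying a live `<img onerror>`, an attribute breakout via the author field, and a second `<script>` block, while the safe output contains the same data only as inert entities and `\u003c`-escaped string content. Real templating engines do this for you in the HTML context when auto-escaping is on; the script-context case is the one most often hand-rolled, and the one where `JSON.stringify` alone is not enough.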

References