Stored XSS
Stored XSS (also called Persistent XSS) is a type of cross-site scripting vulnerability found in web applications. It occurs when an attacker injects malicious script code into a web page, and that code is then stored on the server and displayed to users who visit the page.
For example, let’s say a website allows users to post comments on a page. If the site does not properly sanitize user input, an attacker could post a comment that includes malicious script code. When the site saves the user’s comment to the server, the code is also saved. The next time someone visits the page and the comment is displayed, the code is executed, potentially allowing the attacker to steal user data, such as login credentials or financial information.
To protect against Stored XSS vulnerabilities, web developers can implement input validation and sanitization techniques to ensure that any user input is not executed as code. Additionally, web application firewalls can be used to detect and block malicious code before it reaches the server.
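The comment scenario above, as an added example that is not part of the original page: a constructed in-memory comment store is rendered first by plain concatenation and then with HTML escaping applied at output time. The function names, the sample comments and the choice of output escaping as the sanitization step are assumptions of this example.

```javascript
// Constructed in-memory store standing in for the server-side database.
const comments = [];

// Saves the comment exactly as submitted. Whatever is stored here is
// later shown to every visitor of the page.
function saveComment(author, text) {
  comments.push({ author, text });
}

// Escapes the five characters that can change the parsing context in
// HTML element content and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: stored text is concatenated straight into markup,
// so any tags in a comment become part of the page.
function renderCommentsUnsafe() {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join("\n");
}

// Hardened rendering: every stored field is escaped when it is written
// into the page, so the browser treats it as text, not as markup.
function renderCommentsSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Rough review check: does the rendered HTML contain a script element or
// an inline event-handler attribute? (A heuristic, not a full HTML parser.)
function containsActiveMarkup(html) {
  return /<script\b|<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample comments: one ordinary, two carrying markup.
saveComment("alice", "Nice article, thanks!");
saveComment("mallory", "<script>alert('stored')</script>");
saveComment("bob", '<img src=x onerror="alert(1)">');

console.log("unsafe render has active markup:", containsActiveMarkup(renderCommentsUnsafe()));
console.log("safe render has active markup:  ", containsActiveMarkup(renderCommentsSafe()));
console.log(renderCommentsSafe());
```

The second sample comment contains no script tag at all, which is why the hardened version escapes every stored field rather than filtering for one tag name.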