Skip to content
/ stored-cross-site-scripting Public

An adversary may inject malicious content into a vulnerable target

License

AGPL-3.0 license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/stored-cross-site-scripting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

stored-cross-site-scripting.drawio

stored-cross-site-scripting.drawio

 
 

stored-cross-site-scripting.png

stored-cross-site-scripting.png

 
 

Repository files navigation

A threat actor may inject malicious content where content is saved into a database, when users visit the malicious vulnerable website, the malicious content is loaded from the database and the browser executes that.

Example #1

  1. Threat actor infects a vulnerable target with malicious code to a victim
  2. The victim requests the vulnerable target and receives the malicious code
  3. When malicious code gets executed, it calls back the threat actor

Impact

Vary

Risk

  • Read & modify data

Redemption

  • Output encoding
  • Browser built-in XSS preveiton

ID

cb251c97-067d-4f13-8195-4f918273f41b

References

About

An adversary may inject malicious content into a vulnerable target

Topics

metadata example stored scripting site vulnerability xss-vulnerability cross visulization qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors