Stored Cross-Site Scripting (Stored XSS) Explained

👍👍👍 and subscribe for more stored xss tutorials:    / @and1hof  
Check out my best selling AppSec book: https://amzn.to/3pGO4Vz
Check out my behind-the-scenes newsletter: https://www.andrewhoffman.me/newsletter/

Stored Cross-Site Scripting (XSS) is a form of cross site scripting script execution in which the payload (typically JavaScript) is persisted (typically in a database). Unlike reflected cross site scripting, stored XSS is actually distributed by the application itself by nature of being rendered via application logic from the server's database. What this means is that there may be cases where a single stored cross site scripting / xss vulnerability could impact a very large amount of users with very little effort on the attackers side.