XSS - Stored

  • LAST UPDATED DATE: 2015/11/25
  • LAST UPDATED BY: @mubix


Cross Site Scripting is

Capabilities and Risk

This is to replace any "level" or "score" becuase of how much context is needed for a vulnerability to have one which is beyond the scope of this database.

  • List of possible uses for this vulnerability to give real-world uses
  • Read files as www-data (or use web server is running as)
  • DDoS service
  • Code execution (for this one to fly there needs to be a refence proving it)


How does one detect the exploitation of this vulnerability, or detect its presence.


What are some of the ways to fix this vulnerability?


  • Link to blog post
  • Link to CVE
  • Link to Metasploit module
  • Link to Nessus/NeXpose/Qualys write up


A write up on how this vulnerability can be exploited with demo code or screen shots

Want to contribute? Check out the readme and contribution page or Get in touch!
Last updated on 24th Jul 2019