XSS - Stored
- LAST UPDATED DATE: 2015/11/25
- LAST UPDATED BY: @mubix
Cross Site Scripting is
Capabilities and Risk
This is to replace any "level" or "score" becuase of how much context is needed for a vulnerability to have one which is beyond the scope of this database.
- List of possible uses for this vulnerability to give real-world uses
- Read files as www-data (or use web server is running as)
- DDoS service
- Code execution (for this one to fly there needs to be a refence proving it)
How does one detect the exploitation of this vulnerability, or detect its presence.
What are some of the ways to fix this vulnerability?
- Link to blog post
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write up
A write up on how this vulnerability can be exploited with demo code or screen shots