Stored XSS is a vulnerability in which the attacker can execute arbitrary JavaScript code in the victim’s browser. The XSS payload is stored in a webpage and is executed whenever someone visits that webpage.
1. Visit the “Contact Us” page and put <img src> in the Message field. Click the Send Message button.
2. Now, the admin opens the Contact Us module in the admin panel, and the attacker’s XSS payload is executed.
The attacker can execute arbitrary JavaScript code and achieve the following:
and many more…
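The fix for the flow in steps 1 and 2 is to encode the stored message when the admin panel renders it. The following is an added example, not code from the affected application; the function names, record fields and table markup are assumptions made for illustration.

```javascript
// Added example: hypothetical admin-panel rendering of Contact Us messages.
// All names here are assumptions, not the affected application's code.

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored message is concatenated into markup unchanged,
// so any tag in it becomes part of the page the admin views.
function renderMessageUnsafe(msg) {
  return '<tr><td>' + msg.name + '</td><td>' + msg.message + '</td></tr>';
}

// Hardened: every stored field is encoded at output time.
function renderMessageSafe(msg) {
  return '<tr><td>' + escapeHtml(msg.name) + '</td><td>' + escapeHtml(msg.message) + '</td></tr>';
}

// Constructed sample record, using the Message field value shown in step 1.
const stored = { name: 'visitor', message: '<img src>' };

// Opening tags in the rendered row other than the table scaffolding,
// i.e. markup that came from stored user input.
function injectedTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).filter((t) => !/^<(tr|td)>$/.test(t));
}

console.log(renderMessageUnsafe(stored), injectedTags(renderMessageUnsafe(stored)));
console.log(renderMessageSafe(stored), injectedTags(renderMessageSafe(stored)));
```

Encoding at output time also covers messages that were stored before the fix, which input filtering on the Contact Us form alone would not.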