\n\n\nServer stores this in database\n\n\nServer code renders the page:\n\n\n

Hello ${username}!

\n\n\nWhen any user views the page, their browser receives:\n\n

Hello !

\n\n\nThe script executes in every visitor's browser\n\nImpact: Can steal cookies, redirect users, deface pages for ALL users who view the affected page.\n", "dateModified": "2026-06-20T10:50:15+00:00" } } }

LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

How does stored server-side XSS work?

The app saves attacker input (e.g. a username) into the database, then later renders it into a page unescaped, so the stored script runs in every visitor's browser.

Example scenario:

  1. Attacker registers with username: <script>alert(1)</script>

  2. Server stores this in database

  3. Server code renders the page:

<p>Hello ${username}!</p>
  1. When any user views the page, their browser receives:
<p>Hello <script>alert(1)</script>!</p>
  1. The script executes in every visitor's browser

Impact: Can steal cookies, redirect users, deface pages for ALL users who view the affected page.

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026