[Owasp-topten] Reflected or Stored XSS?
zakiakhmad at gmail.com
Fri Apr 3 05:08:36 EDT 2009
On Fri, Apr 3, 2009 at 12:17 AM, Dave Wichers
<dave.wichers at aspectsecurity.com> wrote:
> Stored XSS is where you send in data to the application, and it is
> persisted permanently somewhere, like a blog entry, or your user
> profile, or some other persistent data location, and then someone else
> later on can come and retrieve that data and get attacked by the script.
> Reflected is where the script is sent to the site and immediately sent
> back in the response (like in an error message, or confirmation page, or
> form repost, or whatever) and the data is NOT stored permanently on the
Thanks for the explanation, Dave.
If stored XSS will be executed as long as the script is on the server
(e.g., the database), what about reflected? Is reflected XSS only executed
just once because it's NOT stored permanently?
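
Added example (not part of the original message or of the quoted reply): a minimal Python sketch of the two data flows discussed in this thread, showing that reflected input appears in the response to every request that carries it and in no other response, while stored input appears in every later view after a single submission. The handler names, the in-memory COMMENTS list standing in for a database, and the marker string are assumptions made for illustration.

```python
import html

COMMENTS = []  # constructed in-memory stand-in for a persistent store (e.g. a database)
MARKER = "<script>alert(1)</script>"  # constructed test input

def search_page(query, encode=True):
    # Reflected sink: the request's own parameter is echoed into this response only.
    shown = html.escape(query) if encode else query
    return "<p>No results for: " + shown + "</p>"

def post_comment(text):
    # Stored source: the input is persisted and outlives the request that sent it.
    COMMENTS.append(text)

def comments_page(encode=True):
    # Stored sink: every later response includes all persisted input.
    items = [html.escape(c) if encode else c for c in COMMENTS]
    return "<ul>" + "".join("<li>" + i + "</li>" for i in items) + "</ul>"

def demo():
    COMMENTS.clear()
    results = {}
    # Reflected: present in each response to a request that carries the input...
    results["reflected_each_carrying_request"] = all(
        MARKER in search_page(MARKER, encode=False) for _ in range(3))
    # ...and absent from responses to requests that do not carry it.
    results["reflected_in_other_request"] = MARKER in search_page("shoes", encode=False)
    # Stored: one submission, then present in every later view by anyone.
    post_comment(MARKER)
    results["stored_in_later_views"] = all(
        MARKER in comments_page(encode=False) for _ in range(3))
    # Output encoding at both sinks keeps the input as inert text.
    results["raw_markup_after_encoding"] = (
        MARKER in search_page(MARKER) or MARKER in comments_page())
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The encode=False path exists only to show the unencoded behaviour next to the encoded default; both sinks need output encoding regardless of whether the input was persisted.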