D2 · Threats

What is stored XSS vs reflected XSS?

🔴 Stored XSS: malicious script saved to server database — executes for every user who loads the page. Most dangerous.
🟡 Reflected XSS: script in URL — requires victim to click malicious link.
🔵 DOM XSS: no server involvement — client-side JavaScript vulnerability.
Stored XSS = persistent, affects all visitors. Reflected XSS = victim must click link. DOM XSS = hardest to detect (no server-side indicators). Prevention: output encoding for all user input displayed back to users.
โ† Back to Glossary Practice Questions โ†’