Configuration: Stored XSS Injection

Identifier: stored_xss

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

Stored XSS vulnerabilities occur when user input is saved to a database without proper validation, so a malicious script is persisted and later executed in the browsers of other users who access the affected content.

How we test: We inject XSS payloads into request parameters whose values are stored in the database and later retrieved. We then analyze the stored content and the subsequent responses to detect whether the payload was persisted and is executed when other users access the stored data.

Prerequisites:

  • The target must expose create or update operations where submitted content can later be retrieved.
  • Responses must include enough content to confirm whether the payload was stored or reflected.
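The following is an added illustration, not code from the scanner or its documentation: a constructed in-memory comment store with a vulnerable and a hardened renderer, plus a check that mirrors the test above by creating a record with a harmless marker and inspecting a later retrieval (not the create response itself) for the marker surviving unescaped. The class and function names are hypothetical.

```python
import html

# Constructed, inert marker: distinctive markup that is easy to find in a
# response but carries no script. A verifier only needs to see whether the
# tags survive unescaped.
PROBE = '<b id="stored-xss-probe">probe</b>'


class CommentStore:
    """Hypothetical stand-in for the target application's database."""

    def __init__(self):
        self._comments = []

    def create(self, text):
        # Stored verbatim, as many applications do; validation alone is not
        # the whole story, output handling decides whether this is exploitable.
        self._comments.append(text)
        # Echoing the submission back is reflection, not persistence, so a
        # stored-XSS check must not rely on this response.
        return f"Comment saved: {text}"

    def render_unsafe(self):
        # Vulnerable rendering: stored text is concatenated into HTML as-is.
        return "<ul>" + "".join(f"<li>{c}</li>" for c in self._comments) + "</ul>"

    def render_escaped(self):
        # Hardened rendering: HTML-escape on output so any markup in the
        # stored text is shown as text instead of being parsed by the browser.
        return "<ul>" + "".join(
            f"<li>{html.escape(c, quote=True)}</li>" for c in self._comments
        ) + "</ul>"


def probe_persisted_unescaped(store, fetch_page):
    """Create a record containing PROBE, then check a separate retrieval.

    Returns True when the marker comes back with its tags intact, i.e. the
    application both stored it and rendered it without encoding.
    """
    store.create(PROBE)
    later_response = fetch_page()  # the retrieval other users would see
    return PROBE in later_response
```

Run against `render_unsafe` the check reports the finding; against `render_escaped` the same marker is present but encoded, so it does not.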

References:

Configuration

Example

Example configuration:

---
security_tests:
  stored_xss:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.