00 — Overview

Stored XSS — Persistent Cross-Site Scripting

The most dangerous XSS variant. Your payload gets saved to the server and fires for every user who visits — no link-click required.

Beginner·45 min·9 tasks

// By the end of this module

→Exploit stored XSS in comment fields, profiles, and rich-text inputs

→Understand why stored XSS is higher impact than reflected

→Chain stored XSS with CSRF to perform admin actions

→Find stored XSS sinks by reading JavaScript source

// Prerequisites

Injection · Beginner

60 min