Persistent Cross-Site Scripting (Persistent XSS)

Persistent XSS vulnerabilities are very similar to reflected XSS vulnerabilities. Both execute a JavaScript of an attacker in the context of a web application and thus allow access to information of the web application which is usually only available to the respective user.
The difference between persistent XSS and reflected XSS consists of the fact that a user does not have to click on a crafted link anymore to be a victim of an attack.
Persistent XSS makes it possible to permanently store JavaScript code in a website. If a user visits the respective website, the JavaScript is embedded in the website and executed by the browser.

Back to the glossary overview