Difference Between Stored Cross Site Scripting and Reflected Cross Site Scripting Last Updated : 06 Aug, 2024 Summarize Comments Improve Suggest changes Share Like Article Like Report In today’s online world, keeping web applications secure is crucial to protect both businesses and their users. One common threat is Cross-Site Scripting (XSS), where attackers insert harmful code into websites or web applications. This can cause to serious issues like stealing passwords, redirecting users to dangerous sites, and changing web content. Understanding XSS and its effects helps to keep our website safe from this threats.What is Stored Cross-Site Scripting (XSS)?Stored XSS happens when an attacker injects harmful code directly into a website’s database or server. This code is then saved and shown to other users when they visit the affected page.Attack ExamplesForum Post: An attacker posts a comment with harmful code on a forum. When other users read the comment, the code runs in their browsers.User Profiles: An attacker adds harmful scripts to a user’s profile. When other users view the profile, the scripts run.Message Boards: An attacker inserts scripts into message board posts. When other users read these posts, the scripts execute.What is Reflected XSS?Reflected XSS occurs when an attacker tricks a user into clicking a link with harmful code. This code is not saved on the server; it only affects users who interact with the malicious link.Attack ExamplesPhishing Emails: An attacker sends an email with a link containing harmful code. When the recipient clicks the link, the code runs in their browser.Search Queries: An attacker adds harmful code to a search query. When users view the search results, the code executes.Malicious URLs: An attacker creates URLs with harmful scripts. When users click these links, the scripts run.Difference Between Stored and Reflected XSSSTORED XSS REFLECTED XSS Also known as permanent XSS.Also known as temporary XSS.Malicious code is stored in the application.Malicious code is not stored in the application.Causes more damage to the web application or website.Causes less damage to the web application or website.Targets all users using the web application or website.Targets few users using the web application or website.The malicious code is activated when the victim visits the Compromised web page.The malicious code is activated after a link is clicked.Harder to perform.Easier to perform.ConclusionCross-Site Scripting is a serious security threat that can compromise both user data and the security of web applications. Knowing the differences between Stored and Reflected XSS and how they can affect users helps you better protect your website. Comment More infoAdvertise with us Next Article Difference Between Stored Cross Site Scripting and Reflected Cross Site Scripting P pradiptamukherjee Follow Improve Article Tags : Misc Computer Networks Difference Between Cyber-security Practice Tags : Misc Similar Reads Difference between Client side filter and Server side filters in Cyber Security Filters are key components in web applications that validate user input and ensure it meets certain standards. These filters can be implemented on the client side (within the user's web browser) or the server side (on the web server). Understanding the differences between client-side and server-side 5 min read What's the difference between Scripting and Programming Languages? Basically, all scripting languages are programming languages. The theoretical difference between the two is that scripting languages do not require the compilation step and are rather interpreted. For example, normally, a C program needs to be compiled before running whereas normally, a scripting la 3 min read Bash Script - Difference between Bash Script and Shell Script In computer programming, a script is defined as a sequence of instructions that is executed by another program. A shell is a command-line interpreter of Linux which provides an interface between the user and the kernel system and executes a sequence of instructions called commands. A shell is capabl 4 min read Difference between JavaScript and VBScript JavaScript and VBScript are both scripting languages used to automate tasks and enhance web pages. JavaScript is widely supported across all modern browsers and platforms, making it the preferred choice for web development. In contrast, VBScript is primarily used in Internet Explorer and Windows env 2 min read Difference Between Programming, Scripting, and Markup Languages When it comes to making a website or app, coding involves basically three types of languages, i.e the programming language, Scripting Language and Markup Language. There are a lot of people who consider coding as just developing or making a website, but they need to understand that every single lang 5 min read Like