Stored XSS occurs when malicious input is saved on the server and executed every time a user loads the affected page.
-
Updated
Nov 15, 2025
#
stored-xss
Here are 14 public repositories matching this topic...
SVG Stored XSS Vulnerable Web App In Python
-
Updated
Apr 6, 2025 - Python
MISP <= 2.5.27 - Stored Cross-Site Scripting via Workflow Engine (doT.js Template Injection).
xss cybersecurity xss-vulnerability pentesting misp cve pentest xss-exploitation xss-attacks 0day xss-exploit exfiltrate-data stored-xss-exploit stored-xss 0dayexploit 0day-exploit csp-bypass cve-2025 cve-2025-67906 misp-exploit
-
Updated
Mar 27, 2026 - Python
cross-site scripting python tool for detection and validation, reflected, DOM and stored
xss xss-scanner xss-detection vulnerability-detection vulnerability-scanners cross-site-scripting stored-xss
-
Updated
Mar 9, 2026 - Python
Simple demo project to demonstrate Stored Cross-Site Scripting (XSS) vulnerability using unsanitized blog comments. Includes both vulnerable and fixed versions.
-
Updated
Apr 27, 2025 - TypeScript
XSS via file upload (pdf)
-
Updated
Oct 20, 2025 - Python
Advanced Cross-Site Scripting (XSS) vulnerability testing framework with WAF bypass, DOM XSS detection, and comprehensive reporting capabilities.
xss owasp cybersecurity penetration-testing bug-bounty web-security xss-detection dom-xss python-security security-scanner ethical-hacking security-automation security-tools web-application-security vulnerability-scanner cross-site-scripting hacking-tools waf-bypass stored-xss reflected-xss
-
Updated
Mar 15, 2025 - Python
Node.js-based web application for study
-
Updated
Feb 12, 2026 - HTML
CVE-2020-13654 - XWiki Platform < 12.8 - Stored XSS → CSRF → Account Takeover
security exploit xss csrf cve xwiki account-takeover cross-site-scripting cross-site-request-forgery stored-xss cve-2020-13654
-
Updated
Apr 16, 2026 - Python
WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon
-
Updated
Feb 16, 2024
MAL-003: Groovy Security Bypass and Stored XSS in Apache OfBiz
-
Updated
Feb 16, 2024
CVE-2026-40487 | Postiz <= 2.21.5 | Arbitrary File Upload via MIME-Type Spoofing → Stored XSS → Account Takeover | CVSS 8.9 High
security exploit file-upload xss poc vulnerability cve account-takeover stored-xss postiz mime-spoofing cve-2026-40487
-
Updated
Apr 16, 2026 - Python
Improve this page
Add a description, image, and links to the stored-xss topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the stored-xss topic, visit your repo's landing page and select "manage topics."