Question

    In the context of Cross-Site Scripting (XSS), what is the primary reason why stored XSS is considered more dangerous than reflected XSS?

    A Stored XSS is harder to detect during code review. Correct Answer Incorrect Answer
    B Stored XSS is automatically executed when users visit the vulnerable page. Correct Answer Incorrect Answer
    C Reflected XSS only affects users who directly interact with malicious links. Correct Answer Incorrect Answer
    D Stored XSS bypasses the need for user interaction entirely. Correct Answer Incorrect Answer
    E Stored XSS can directly exploit server vulnerabilities. Correct Answer Incorrect Answer

    Solution

    Stored XSS, also known as persistent XSS, is more dangerous because the malicious script is stored permanently on the target server, such as in a database or a message board. When users access the vulnerable page, the script is automatically executed in their browsers without any further user interaction. This allows attackers to exploit a larger number of users, often without their knowledge. In contrast, reflected XSS requires users to interact with a specially crafted link, limiting the scope of the attack. Why Other Options are Incorrect: A) Stored XSS is harder to detect during code review: This is not necessarily true; both types of XSS can be detected through code review with proper attention to input validation. C) Reflected XSS only affects users who directly interact with malicious links: While true, it does not explain why stored XSS is more dangerous. D) Stored XSS bypasses the need for user interaction entirely: This is partially correct but does not fully capture the main reason why stored XSS is more dangerous (automatic execution on page load). E) Stored XSS can directly exploit server vulnerabilities: Stored XSS exploits client-side vulnerabilities rather than directly targeting the server.

    Practice Next

    Relevant for Exams: