CAPEC-592 · threatengine.sh

Attack Pattern

Stored XSS

CAPEC-592 · Detailed · Stable

An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently "stored" within the data storage of a vulnerable web application as valid input.

likelihood: High severity: Very High

△

Targets These Weaknesses (CWE)

The underlying weaknesses this attack pattern exploits. Follow into a CWE to see affected CVEs and its relationship tree.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

External lookups - second-class, for what we don’t hold ourselves

MITRE CAPEC

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin