that protects users from malicious cloned sites.
• Most banks won’t take responsibility if their customers visit a cloned web site. They cannot disassociate themselves so easily if customers are attacked via an XSS flaw in their own application.
• As you will see, there are ways of delivering XSS attacks that do not use phishing-style techniques.
Stored XSS Vulnerabilities
A different category of XSS vulnerability is often referred to as stored cross-site
scripting. This version arises when data submitted by one user is stored within
the application (typically in a back-end database) and then displayed to other
users without being filtered or sanitized appropriately.
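The store-then-display flow described above, shown as an added example that is not code from the book: a buyer/seller question board kept in an in-memory dict (a stand-in for the back-end database), with the unsafe rendering that produces stored XSS next to the same view with HTML output encoding applied. The item id, question text and helper names are constructed for illustration.

```python
import html
from typing import Dict, List

# Constructed stand-in for the application's database:
# item id -> questions submitted by buyers, stored verbatim.
QUESTIONS: Dict[str, List[str]] = {}


def post_question(item_id: str, text: str) -> None:
    """Buyer submits a question. Storing it unmodified is normal; the
    defect is in how it is later rendered, not in storing it."""
    QUESTIONS.setdefault(item_id, []).append(text)


def render_vulnerable(item_id: str) -> str:
    """Seller's view: stored text is dropped straight into the HTML body,
    so markup supplied by one user executes in every other viewer's browser."""
    rows = "".join(f"<li>{q}</li>" for q in QUESTIONS.get(item_id, []))
    return f"<ul>{rows}</ul>"


def render_fixed(item_id: str) -> str:
    """Same view with output encoding appropriate for an HTML text context.
    html.escape turns < > & " ' into entities, so the browser shows the
    characters instead of parsing them as tags or attributes."""
    rows = "".join(
        f"<li>{html.escape(q, quote=True)}</li>"
        for q in QUESTIONS.get(item_id, [])
    )
    return f"<ul>{rows}</ul>"


def contains_active_markup(rendered: str) -> bool:
    """Crude detection used only to compare the two renderers above."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    # Constructed inputs: one benign question and one carrying markup.
    post_question("item-42", "Does it ship to the UK?")
    post_question("item-42", "<script>alert(1)</script>")
    print("vulnerable:", render_vulnerable("item-42"))
    print("fixed:     ", render_fixed("item-42"))
```

Encoding at output time is the fix that holds regardless of which user submitted the data or how it was stored; a filter applied only on input would miss data that reaches the database by another route.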
Stored XSS vulnerabilities are common in applications that support interaction between end users, or where administrative staff access user records and data within the same application. For example, consider an auction application that allows buyers to post questions about specific items, and sellers to