Technique entry
W-XSS-STORED · Impact
Stored XSS
Payload persisted server-side and rendered for other users — passive collection of victims, often admin sessions.
§ Where this technique fits
W-XSS-STORED is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, at step 3.5 on average.
§ Dossiers chaining this technique
- step 3 / 6
Cloudflare account compromise → Worker rewrite → mass cred theft
Phish a Cloudflare account belonging to a popular site operator. Deploy a Worker that injects JS into every response and captures form posts (logins, payments) for as long as the operator doesn't notice.
- step 4 / 5
Output injection → admin XSS in support panel
Customer chats with support LLM. Prompt injection makes the model emit a malicious markdown link / image; when an admin views the conversation in the support panel, JS / pixel-tracker fires.
§ What commonly comes next
- 01 · Input Capture · seen 1× · T1056 · Collection
- 02 · Steal Web Session Cookie · seen 1× · T1539 · Credential Access