In this write-up, we presented and covered cross site scripting vulnerability both
reflected and stored using Mutillidae.

Reflected XSS
Reflected XSS is the kind of XSS that makes the browser returns an alert or cookie
back to the client. It’s not stored in the website database as Stored XSS is.
Common testing points for reflected XSS are input boxes and contact forms. In the
below figure, we have an input box that accepts a hostname.

Stored XSS
In stored XSS, the malicious javascript code gets stored in the website database
and doesn’t get reflected in a pop-up. This means we don’t need to send a crafted
URL to the target to steal their cookies. Whenever the target visits the page in
which we inserted the malicious JS, the payload will get executed each time a user
visits the vulnerable page.

Get OSCP Certificate Notes

CTF Writeups, Mutillidae, OWASP, XSS

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Reflected and Stores XSS – OWASP Mutillidae

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Cross site request forgery CSRF Vulnerability – DVWA Lab

Insecure Direct Object Reference Vulnerability – Mutillidae OWASP Lab

Press ESC to close

Reflected and Stores XSS – OWASP Mutillidae

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

Web Hacking 101 with PicoCTF | CTF Walkthrough

Practical Coding in Cyber Security | HackTheBox Coding Challenges

Critical Webmail Exploit: CVE-2025-49113 in Roundcube | TryHackMe Roundcube

Other stories

Cross site request forgery CSRF Vulnerability – DVWA Lab

Insecure Direct Object Reference Vulnerability – Mutillidae OWASP Lab