This presents 3 major issues:
Reflective XSS - This reflects executable code onto the application. However, it is not immediately obvious how to send this to the target.
Persistent XSS - This stores the UID, either in loginevents or users, as executable code to be retrieved at a later date. If done well, we could possibly even take control of an admin.
CSRF - Using CSRF, we should be able to send a reflected XSS back (see: https://www.youtube.com/watch?v=Q57THsLv56A).