Posted on December 18, 2025

Written by Raxis Research Team
We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. If you missed the first two videos in the series, take a look at the full playlist on YouTube.
After discussing the basics of XSS and two evasion techniques that hackers use to get past remediation efforts, in this video we show more advanced stored XSS attacks that move beyond pentester proofs of concept to three real-world attacks that can cause harm to websites:
- Cookie theft to update a webpage for all visitors
- Website defacement such as changing the website background to a photo of the attacker’s choosing or even redirecting users to the attacker’s website of choice
- Cross-Site Request Forgery (CSRF) that forces a user to send HTTP requests, such as deleting or updating data, each time they visit the webpage
With injection listed as #5 on the new 2025 OWASP Top 10 list, these attacks are still very relevant today. Learn how the attacks work and how to remediate your web application to keep it secure from XSS exploits.

Raxis Research Team
The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.