Don’t trust the locals: investigating prevalence of persistent client-side XSS

In an analysis of the top 5000 Alexa domains, 21% of sites that make use of data originating from storage were found to contain vulnerabilities, of which at least 70% were directly exploitable using the models described in this paper. The payload sent to the vulnerable site triggers a flow which stores attacker-controlled content in local storage. Now it’s just a matter of putting the two parts together: we’re looking for sites with vulnerable flows from an attacker controlled source to local storage, coupled with an exploitable flow from local storage.
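The two-stage flow described above (attacker-controlled source into storage, then storage into an HTML sink) in code, as an added example that is not from the paper or the blog post. The in-memory `Storage` stand-in, the `banner` key and the `{theme, text}` schema are assumptions made for the example.

```javascript
// Added example: treating localStorage as an untrusted input source.
// MemoryStorage is a constructed stand-in for window.localStorage so the
// code runs outside a browser; it only mirrors getItem/setItem.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
}

// Vulnerable pattern: whatever was persisted under 'banner' is returned as
// markup. If any earlier flow (e.g. from location.hash or postMessage) could
// write this key, the payload survives reloads and fires on every visit.
function renderBannerUnsafe(storage) {
  const html = storage.getItem('banner');
  return html === null ? '' : html;          // caller would do el.innerHTML = ...
}

// Hardened pattern: parse, validate against a strict schema, escape, and
// fall back to a safe default on any deviation.
const ALLOWED_THEMES = new Set(['light', 'dark']);
const safeDefault = () => ({ theme: 'light', text: '' });

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function readBannerSafe(storage) {
  const raw = storage.getItem('banner');
  if (raw === null) return safeDefault();
  let parsed;
  try { parsed = JSON.parse(raw); } catch (e) { return safeDefault(); }
  if (typeof parsed !== 'object' || parsed === null) return safeDefault();
  // Enum field: allowlist, never pass through.
  const theme = ALLOWED_THEMES.has(parsed.theme) ? parsed.theme : 'light';
  // Free-text field: type-check, bound length, escape for the HTML sink.
  const text = typeof parsed.text === 'string' ? escapeHtml(parsed.text.slice(0, 200)) : '';
  return { theme, text };
}
```

The unsafe reader hands a stored `<script>` string straight to its caller, while the hardened reader rejects it as malformed JSON and returns the default.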

Source: blog.acolyer.org