diff --git a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md index 252a8ddc..2af66a8b 100644 --- a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md +++ b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md @@ -2,11 +2,11 @@ ## Overview of the Vulnerability -Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the Javascript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user. +Stored Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript is injected into a website. When a user visits the affected web page, the JavaScript executes within that user’s browser in the context of this domain. Stored XSS can be found on this domain which allows an attacker to submit data to a form and escalate from no privileges to any user type, which could include an Administrator level user. When an attacker can control code that is executed within a user’s browser, they are able to carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions. This can result in modification, deletion, or theft of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. -to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary Javascript executes within that user’s browser in the context of this domain. +to create a crafted JavaScript payload. When a user navigates to the page, the arbitrary JavaScript executes within that user’s browser in the context of this domain. ## Business Impact