Scenario - SessionStorage - Executing XSS

This page is hosted by the attacker. Clicking the button below will trigger the loading of an error page in the iframe. The error page has an XSS vulnerability allowing the attacker to execute code within the application context.

This scenario illustrates a common attack to steal data from the browser. For more context, please refer to the security cheat sheet on Secure data storage in the browser