Hacker News new | ask | show | jobs
by Noumenon72 2241 days ago
My understanding of persisted XSS attacks is that it's not that the site is malicious, but that it had security holes, so other people who got through the captcha uploaded malicious scripts. Now the site is serving them unawares. Does that sound right?
1 comments
ollien 2241 days ago
Correct. If it were malicious on the part of the site, they could just send you that javascript anyway.
link