CRV2 RevCodeStoredAntiPatternPHP

==PHP Stored Anti-pattern==

Avoid stored cross-site scripting (XSS) by validating any input that attempts to save or store XSS code in the database. You can use the OWASP PHP Security Framework to validate submissions to the database, so that a malicious user's attempt to submit information containing XSS code is caught.

Websites that do not properly validate XSS code that can be stored are vulnerable to theft of session cookies.

For example, a malicious user will submit the following code in a (text) input field that does not validate input:



Through this simple script, the malicious user will be able to get the cookies delivered to their server.
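The following is an added example, not code from the original page or from the OWASP PHP Security Framework: it shows validation before storage combined with encoding on output, using only PHP built-ins. The function names, the `comments` table, the allowed character set and the sample submissions are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Keep session cookies out of reach of page scripts (limits the cookie-theft impact).
ini_set('session.cookie_httponly', '1');

// Input validation for a plain-text comment field: allow-list, not block-list.
function validate_comment(string $raw): ?string
{
    $text = trim($raw);
    if ($text === '' || strlen($text) > 500) {
        return null;
    }
    // Letters, digits, spaces and basic punctuation only; no < > & or quotes.
    // The /u flag also makes the match fail on invalid UTF-8.
    return preg_match('/^[\p{L}\p{N} .,!?:;()\-]+$/u', $text) === 1 ? $text : null;
}

// Output encoding: applied every time stored data is written into HTML.
function render_comment(string $stored): string
{
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed row standing in for data saved before validation existed.
$db->exec("INSERT INTO comments (body) VALUES ('<script>/* constructed marker */</script>')");

$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$submissions = [                                   // constructed sample input
    'Great article, thanks!',
    '<script>/* constructed marker */</script>',
];
foreach ($submissions as $raw) {
    $clean = validate_comment($raw);
    if ($clean === null) {
        echo "rejected at input: ", htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), "\n";
        continue;
    }
    $insert->execute([':body' => $clean]);
}

foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    echo render_comment($row['body']), "\n";
}
```

The legacy row is rendered as inert text because of the output encoding, which is why validation at input should not be the only control.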

OWASP XSS Cheat sheets
To get an overview of potential XSS code that can be maliciously submitted through web forms, use the OWASP XSS Cheat sheets online to test and determine potential vulnerabilities.

OWASP PHP Security Framework
To learn how to protect your site against this type of attack, visit https://www.owasp.org/index.php/OWASP_PHP_Security_Project