Attack
- Get the data from the storage (cookies, passwords, etc.).
- Store your XSS shellcode.
- No path restriction: storage is shared across every path of the origin.

Defense
- Don't store sensitive data in local storage.
- Don't use local storage for session identifiers.
- Stick with cookies and use the HttpOnly and Secure flags.
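An added example (not from the original slides) of checking the defenses above: it lists which of the HttpOnly and Secure flags a Set-Cookie header is missing, and flags storage entries that look like session identifiers or credentials. The key-name patterns, the `fakeStorage` stand-in and all sample values are constructed assumptions.

```javascript
// Added example; key patterns and sample data below are constructed assumptions.
const SENSITIVE_KEY = /(sess|token|jwt|auth|passw|secret)/i;
const JWT_SHAPE = /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/;

// Parse one Set-Cookie header value into its name and attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// List the flags a session cookie is missing (empty array means compliant).
function missingCookieFlags(header) {
  const { attrs } = parseSetCookie(header);
  return ['HttpOnly', 'Secure'].filter((f) => !(f.toLowerCase() in attrs));
}

// Flag storage entries that look like session identifiers or credentials,
// by key name or by a JWT-shaped value. `storage` needs length/key/getItem.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    if (SENSITIVE_KEY.test(key)) findings.push({ key, reason: 'key name' });
    else if (JWT_SHAPE.test(value)) findings.push({ key, reason: 'JWT-shaped value' });
  }
  return findings;
}

// In-memory stand-in for window.localStorage so the audit runs outside a browser.
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => obj[k] };
}

const sampleStorage = fakeStorage({
  theme: 'dark',
  sessionId: 'abc123',
  cache: 'eyJhbGciOiJub25lIn0.eyJzdWIiOiJ4In0.',
});
console.log(auditStorage(sampleStorage));
console.log(missingCookieFlags('SID=abc123; Path=/'));
```

In a browser, `auditStorage(window.localStorage)` runs the same check against the real store.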
SQL Injection, XSS, CSRF, Security misconfiguration and CSSLP