The most severe form of XSS vulnerability is “Stored” or “Persistent” Cross-Site Scripting, this is where it is possible for an attacker to craft an XSS payload and then submit it, so it is saved in the database. With an XSS exploit saved in the database it’s then possible for it to affect other users over a broad time period.
Another form of Cross-Site Scripting is “Reflected”, this type isn’t saved at any point, instead, the payload is included in the browser. Typically, this type of XSS is part of phishing attacks, where an attacker attempts to trick a victim to click a malicious link.
Did this help? Let us know!