Stored XSS (or Persistent)
- Malicious script stored on server, delivered to all users.
- Occurs when user input is stored without proper validation.
- Exploiting it: Persistent execution of scripts in victim's browser.
- Consequences: Data theft, account takeover, site defacement.
- Mitigation: Input validation, output encoding, content security policy implementation.