XSS can be broken down into two types, reflected and persistent. Reflected is also known as non-persistent while stored is known as persistent. Persistent is stored because it exists inside of cookies or server’s database while non persistent or reflected is executed in URL.
Reflected XSS happens when application takes input from HTTP request and embeds it into the immediate response in unsafe manner. Stored XSS or persistent happens when application stores the input and embeds it into a later response in an unsafe way.
Example of non persistent XSS is when you execute JavaScript in a browser while example of persistent XSS is when chat stores users message into a database and user is able to send XSS string that can be executed every time the user visits the chat application.
HansITAcademy 