Stored XSS Attacks | Reflected XSS Attacks |
---|---|
The attacks where the injected scripts are permanently stored on the target servers are called stored XSS attacks. | The attacks where the user has to send the request first, then start running on the victim's browser, are called reflected XSS attacks. |
In stored XSS attacks, the victim retrieves the server's malicious script when requesting the stored information. | The reflected XSS attacks reflect results from the browser to the user who sent the request. |