Now let's have a look at a stored XSS example. Stored XSS is very similar to reflected XSS—it allows you to inject JavaScript code into the browser. The code is executed on the users that visit the page. The only difference is that, with reflected XSS, we have to send the URL to our target, so the target has to actually click on a URL for the exploit to run. With stored XSS, the code will be stored into the database—that is, into the page—so that every time a person runs that page, they will see our code and our code will be executed, so we won't need to interact with any users or send them anything. Therefore, this could be much more dangerous than reflected XSS.

So, let's have a look at this. Click on the XSS stored tab on the ...