Stored or persistent XSS is a sub-type of XSS vulnerability and differs from reflected XSS by the fact that it is persistent in nature. It means that the payload, once inserted into a page, will stay and execute permanently on the page. This is sneakier than its reflected counterpart as most of the time the victim is simply unaware of the fact that a malicious code is running inside the affected website, making it a perfect choice for XSS worms. I hope some of you may be aware of the Samy worm which exploited a weak XSS filter in MySpace to create a persistent XSS scenario in which thousands of victims unknowingly executed the wormable JavaScript code, which further spread the code. Stored XSS vulnerability is pretty common in places ...