In the context of Cross-Site Scripting (XSS), what is

Solution

Stored XSS, also known as persistent XSS, is more dangerous because the malicious script is stored permanently on the target server, such as in a database or a message board. When users access the vulnerable page, the script is automatically executed in their browsers without any further user interaction. This allows attackers to exploit a larger number of users, often without their knowledge. In contrast, reflected XSS requires users to interact with a specially crafted link, limiting the scope of the attack. Why Other Options are Incorrect: A) Stored XSS is harder to detect during code review: This is not necessarily true; both types of XSS can be detected through code review with proper attention to input validation. C) Reflected XSS only affects users who directly interact with malicious links: While true, it does not explain why stored XSS is more dangerous. D) Stored XSS bypasses the need for user interaction entirely: This is partially correct but does not fully capture the main reason why stored XSS is more dangerous (automatic execution on page load). E) Stored XSS can directly exploit server vulnerabilities: Stored XSS exploits client-side vulnerabilities rather than directly targeting the server.