Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim’s browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage
1. A low-priv user create a page with the following payload:
a'"></title></script><img src></p>
2. Victim visit the page and see xss is executed
XSS alert will show the domain name.
Attacker can execute arbitrary javascript code in the victim’s browser