Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Attackers use these flaws to ‘store’ or ‘add’ a malicious script to a page of your site or application. Persistent XSS flaws are the most severe, as they can affect every visitor and may require no interaction other than visiting a malicious page. Reflected XSS vulnerabilities only affect one user at a time and require the user to click a specially crafted link.
Source: https://www.helpnetsecurity.com/2021/06/15/xss-attacks/