A stored XSS vulnerability is present when unsanitized user input is cached or stored in a database and later retrieved by the web application for display. This can potentially affect all users of the site, e.g. if the malicious input is displayed on the front page.

Common places for stored XSS

  • Forums
  • Any site that allows comments
  • Any site that renders user input (name, bio, etc.) on the webpage
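
The store-then-render flow described above, as an added example that is not part of the original page. An in-memory array stands in for the database (an assumption), and the function names and sample comments are constructed for illustration; the same stored comment is rendered once without and once with output encoding.

```javascript
// Added example: in-memory stand-in for the database (assumption; a real
// application would use persistent storage).
const comments = [];

// Store step: input is saved exactly as submitted.
function saveComment(author, body) {
  comments.push({ author, body });
}

// Output encoding for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable render: stored values are concatenated into markup unchanged,
// so markup inside a stored comment becomes part of the page for every visitor.
function renderCommentsUnsafe() {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`)
    .join("\n");
}

// Hardened render: every stored value (name and body) is encoded at output time.
function renderCommentsSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Constructed sample input: one ordinary comment, one containing markup.
saveComment("alice", "Nice post & thanks!");
saveComment("mallory", '<script>alert("constructed test input")</script>');

console.log("unsafe:\n" + renderCommentsUnsafe());
console.log("safe:\n" + renderCommentsSafe());
```

Encoding at render time protects every page that displays the stored value, including data that was saved before any input filtering existed.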