
Which type of Cross-Site Scripting attack stays on a website and affects everyone who visits that page, even much later?



The type of Cross-Site Scripting (XSS) attack that stays on a website and affects everyone who visits that page, even much later, is called Stored Cross-Site Scripting, also known as Persistent Cross-Site Scripting. This attack occurs when an attacker injects a malicious script, often referred to as a payload, directly into a web application's database or file system. For instance, an attacker might post a comment on a blog or a message on a forum that contains this harmful script instead of plain text. The website then stores this script permanently as part of the legitimate content, without properly checking or cleaning the input to remove any harmful code. Later, when any user visits the compromised web page that displays this stored content, the web application retrieves the malicious script along with the regular content from its storage. The user's web browser then automatically executes this script because it treats the content as legitimate and originating from the trusted website. Since the script is stored on the server and served to all subsequent visitors, its effects are persistent, meaning it continues to affect users long after the initial injection. The malicious script can perform various harmful actions, such as stealing user session cookies, redirecting users to malicious websites, or defacing the webpage, all executed within the context of the vulnerable website.
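The flow described above, as an added example that is not part of the original page: a comment containing a script is saved once, then served to every later visitor, first by a renderer that inserts stored text into HTML unchanged and then by one that encodes it on output. The table layout, function names and sample comments are constructed for illustration, and output encoding with `html.escape` is the mitigation assumed here.

```python
import html
import sqlite3

# Constructed sample input: one ordinary comment and one carrying markup.
SAMPLE_COMMENTS = [
    ("alice", "Great post, thanks!"),
    ("mallory", "<script>alert('stored')</script>"),
]


def make_store():
    """Create an in-memory database standing in for the site's comment table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    # Parameterized insert: the script is stored verbatim, as data.
    db.executemany("INSERT INTO comments VALUES (?, ?)", SAMPLE_COMMENTS)
    db.commit()
    return db


def render_vulnerable(db):
    """Concatenate stored text straight into HTML (the flaw described above)."""
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid")
    items = "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in rows)
    return f"<ul>{items}</ul>"


def render_hardened(db):
    """Encode every stored value for the HTML context before emitting it."""
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid")
    items = "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>" for a, b in rows
    )
    return f"<ul>{items}</ul>"


def contains_live_script(page):
    """True if the page carries an unescaped <script> tag a browser would run."""
    return "<script" in page.lower()


if __name__ == "__main__":
    db = make_store()
    # Every later visit re-reads the same stored row, so each visitor is affected.
    for visitor in ("bob", "carol"):
        print(visitor, "vulnerable:", contains_live_script(render_vulnerable(db)))
        print(visitor, "hardened:  ", contains_live_script(render_hardened(db)))
```

The hardened renderer leaves the stored row untouched and still displays the comment as text, so the fix applies to content that was saved before the renderer was corrected.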