Which attack allows a malicious script to execute whenever a user views a webpage, due to an injection in the comment section?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

Stored XSS (Cross-Site Scripting) is characterized by the persistence of the malicious script that gets injected into a web application. In this scenario, when a user views a webpage that displays user-generated content—such as comments—the injected script is executed in the context of the user's browser. This occurs because the injected script is stored on the server (for example, in a database) and served to any user who loads that specific page.

When a comment section is vulnerable to this type of attack, it allows attackers to embed harmful JavaScript which, once stored, can be served to any user who views the page. As a result, when another user accesses the webpage, the malicious script can run without their knowledge, potentially stealing cookies or session tokens, or performing actions on behalf of the user.

In contrast, reflected XSS would not apply here, as it typically involves immediate execution of a script reflected from a URL parameter without being stored. CSRF involves tricking a user into executing unwanted actions on a different website where they are authenticated and does not involve script injection in the context of comment sections. Directory Traversal pertains to unauthorized access to files and directories on a server and does not relate to executing scripts via comments. Thus, stored X
