The application stores user-supplied input and displays it to other users without proper encoding, allowing persistent script injection.
Stored XSS affects all users who view the compromised content. Attackers can steal credentials, spread malware, perform unauthorized actions, and compromise user accounts at scale.
Sanitize and validate all user input before storage. Implement output encoding when rendering stored content. Use Content Security Policy headers. Consider using HTML sanitization libraries for rich text content.
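The output-encoding and Content Security Policy recommendations above, shown as an added JavaScript example that is not code from the application described. The function names, the policy string and the sample records are assumptions constructed for illustration.

```javascript
// Added example: stored comments rendered without and with output encoding.
// escapeHtml, renderUnsafe, renderSafe, buildResponse, CSP and the sample
// records are hypothetical names/values constructed for this illustration.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode for HTML element content and quoted attribute values only.
// It is not sufficient for URL, JavaScript or CSS contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored text is concatenated into markup as-is.
function renderUnsafe(comment) {
  return `<li title="${comment.author}">${comment.body}</li>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderSafe(comment) {
  return `<li title="${escapeHtml(comment.author)}">${escapeHtml(comment.body)}</li>`;
}

// Restrictive policy as a second layer: no inline script, same-origin only.
const CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

function buildResponse(comments) {
  return {
    headers: { 'Content-Type': 'text/html; charset=utf-8', 'Content-Security-Policy': CSP },
    body: `<ul>${comments.map(renderSafe).join('')}</ul>`,
  };
}

// Constructed sample records, as they might sit in the database.
const storedComments = [
  { author: 'alice', body: 'Works for me & my team' },
  { author: 'x" onmouseover="alert(1)', body: '<script>alert(1)</script>' },
];

console.log(renderUnsafe(storedComments[1])); // stored markup reaches the page unencoded
console.log(buildResponse(storedComments).body); // same data rendered as inert text
```

Encoding is applied at render time, so records already stored before the fix are also rendered safely. The policy only limits the damage if an encoding call is missed somewhere.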