What are the major differences between Persistent XSS and Non-Persistent XSS?
As the naming suggests, the differences between Persistent and Non-Persistent XSS are as follows.
Stored XSS, inside of cookies or the server's database.
Example of Persistent XSS in a chat application
If a chat application stores all user messages into a database and a user can send a string of HTML, such as
<script>alert('XSS');</script> then that code will be executed every time the user visits the chat application.
Example of Non-Persistent XSS
You can execute
You can read more about this here.
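The chat application case described above, as an added example that is not part of the original answer: a message table rendered once by string concatenation and once with output encoding. The names ChatStore, renderUnsafe, renderSafe and escapeHtml and the sample messages are assumptions made for illustration.

```javascript
// Added example: in-memory stand-in for the chat application's message table.
// All names here (ChatStore, renderUnsafe, renderSafe) are hypothetical.
class ChatStore {
  constructor() { this.rows = []; }
  save(user, text) { this.rows.push({ user, text }); } // stored verbatim
  all() { return this.rows.slice(); }
}

// Vulnerable: stored text is concatenated into the page as markup.
function renderUnsafe(store) {
  return store.all()
    .map(m => `<li><b>${m.user}</b>: ${m.text}</li>`)
    .join("\n");
}

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Hardened: every stored field is encoded at output time.
function renderSafe(store) {
  return store.all()
    .map(m => `<li><b>${escapeHtml(m.user)}</b>: ${escapeHtml(m.text)}</li>`)
    .join("\n");
}

// Constructed sample data: one ordinary message and the string from the answer.
const store = new ChatStore();
store.save("alice", "hello everyone");
store.save("mallory", "<script>alert('XSS');</script>");

// Each page view re-reads the same rows, so the stored string reaches every visitor.
const viewByAlice = renderUnsafe(store);
const viewByBob = renderUnsafe(store);
const containsScriptTag = html => /<script\b/i.test(html);

console.log("unsafe views contain a script tag:", containsScriptTag(viewByAlice), containsScriptTag(viewByBob));
console.log("safe view contains a script tag:", containsScriptTag(renderSafe(store)));
console.log(renderSafe(store));
```

The stored row is identical in both cases; only the encoding applied when the page is built decides whether the browser treats it as text or as markup.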