Sometimes, the XSS is not immediately reflected back, but instead only shown on a different page. For example, after creating an object, the user could be redirected to the created object, and only experience the XSS when editing the object again, or looking at the list of objects.
Sometimes, the XSS is not immediately reflected back, but instead only shown on a different page. For example, after creating an object, the user could be redirected to the created object, and only experience the XSS when editing the object again, or looking at the list of objects.