Stored XSS
Stored XSS is the most dangerous type of XSS since it is persistent and it does not require any user interaction. The stored XSS is stored in back-end and triggered every time a user visit the infected page.
Some stored Cross-Site scripting vectors to look for:
Blog comments and posts
Forum
File manager
Shopping cart
User profile pages
Application settings/preferences
Last updated