Management (XSS)
3 - Cross Site Scripting (XSS)
4 - Insecure Direct Object References
5 - Security Misconfiguration
6 - Sensitive Data Exposure
7 - Missing Function Level Access Control
8 - Cross Site Request Forgery (CSRF)
9 - Using Components with Known Vulnerabilities
10 - Unvalidated Redirects and Forwards
after the page has loaded; many times it needs user interaction, which means that the attacker must trick the user into executing the script himself. This one is very similar to reflected XSS, but the need for user interaction makes it harder for the attacker.