From XSS at Wikipedia:
There are three distinct known types of XSS vulnerabilities to date. DOM-based or local (Type 0), non-persistent/reflected (Type 1) and persistent or stored (Type 2) cross-site scripting.
Type-0 attack
Mallory sends a URL to Alice (via email or another mechanism) of a maliciously constructed web page.
Alice clicks on the link.
The malicious web page’s JavaScript [...]
