Which type of cross-site scripting (XSS) attack retains malicious scripts on the server?

Stored XSS is the correct answer because it involves the permanent storage of malicious scripts on a server. In this type of attack, the malicious code is injected into a web application and stored in a database, message forum, visitor log, comment field, or any other persistent storage mechanism.

When users later access the page that retrieves the stored data, the server sends back the stored script as part of the web content without proper sanitization. This results in the code executing in the user's browser, potentially allowing the attacker to steal session cookies or sensitive information, or to perform actions on behalf of the user without their knowledge.

In contrast, reflected XSS occurs when the malicious script is not stored but rather reflected from a web server in real time, requiring a victim to click a malicious link. DOM-based XSS occurs within the user's browser, manipulating the Document Object Model but not involving server storage. Event-based XSS specifically pertains to the execution of scripts triggered by user events, which can overlap with other XSS types but does not define a separate category of attack as stored XSS does. Therefore, stored XSS clearly delineates a scenario where the malicious content remains on the server and can affect multiple users over time.
