There are 3 types of cross site scripting.
1. Reflected XSS
2. Stored XSS
3. DOM-based XSS
1. Reflected XSS is also called non-persistent XSS, this is because the attacker input is reflect on browser without saving in server. In this, when attacker run scripts , then the data is immediately return on browser in the form of error messages, success messages etc. For example if we enter the script in the username field on the login page and error will occur, the username is appended to the error message or response and will run on the browser.
2. Stored XSS attacks takes place when the user input scripts(script written by the attacker) is permanently saved at the server side and later it will retrieve to render on the browser.