Other methods where attackers store malicious scripts (also called payloads) are discussion forums, the comment section of websites and other similar platforms. Whenever the user navigates those pages, payloads got executed and user’s cookies information automatically sends to an attacker.