XSS attacks can be categorized into following three categories:
1) Stored: The attack is saved into a persistent storage medium such as a database or file.
2) Reflected: Non-persistent attacks needing a delivery method to initiate the attack such an email or malicious form.
3) DOM based XSS: This attack manipulates the DOM to execute the attack payload. It is less well known.
Source: MSDN | Asked In: Many Interviews |