| Source \ Sink | Server-side: Unsafe handling of data server-side | Client-side: Unsafe handling in JavaScript |
| --- | --- | --- |
| Reflected: Untrusted data is part of request | Reflected XSS | Reflected DOM-based XSS |
| Stored: Untrusted data is stored server side | Persistent XSS | Stored DOM-based XSS |
| Browser: Untrusted data is never sent to server | - | DOM-based XSS |