Stored or persistent XSS occurs because the application not only neglects to sanitize the input but also stores the input within the database. Therefore, when a page is reloaded and populated with database data, the malicious script is executed along with that data.