Stored Cross Site Scripting attacks happen when the application doesn’t validate user inputs against malicious scripts, and it occurs when these scripts get stored on the database. Victim gets infected when they visit web page that loads these malicious scripts from database. For instances, message forum, comments page, visitor logs, profile page, etc.
Read more about Stored XSS
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)#Stored_XSS_Attacks