The title says it all. I understand how to exploit XSS via MIME sniffing, but the question is, do you call this type of XSS stored or reflected?
OWASP says
Stored attacks are those where the injected script is permanently stored on the target servers.. The victim then retrieves the malicious script from the server when it requests the stored information
While, reflected attacks usually require some user interaction, like clicking a malicious link for example.
It's a little confusing to me on what type of XSS this would come under. I could modify my file to have some javascript at the beginning, have the browser interpret it as a JS file and execute. Does this make it a stored XSS?