jQuery 1.2 vulnerabilities
2025-1-6 18:36:59 Author: www.reddit.com

Hello, I've been studying for a while as a loner and came across jQuery and its vulnerabilities, such as (CVE-2020-11023, CVE-2020-11022)

that its main purpose was passing (<option> elements, passing HTML from untrusted sources)

I made myself a website that contains jQuery 1.2, the same version, to test the theory

I tested XSS and it came back positive ( <img alt="<x" title="/><img src=x onerror=alert(1)>"> )

I tested for passing elements and it appeared as I wrote it

My question is: can it be stored on the same server that the website runs on? Or is it only on the page search, as I tested it, and can only be shown if I send the link to the victim?

A lot of people talk a lot about XSS and how it can steal cookies and data, even deface a website!

How is that even possible? Because it's not a stored-type XSS.

If passing HTML elements and they appeared on the website, can it be used to show the database schema or anything related to it?


Source: https://www.reddit.com/r/HowToHack/comments/1hv65b6/jquery_12_vulnerabilities/