XSS enables attackers to inject client-side scripts into web pages by exploiting vulnerabilities in dynamically generated web pages. An attacker can inject malicious scripts (commonly referred to as a malicious payload) into a legitimate website or web application and cause various kinds of damage, including data theft, session hijacking, and redirecting the web page to another website.
In a reflected XSS attack, the attacker sends a script as input, and the attacker's content is reflected back to the victim. The attacker can craft malicious scripts to get session cookies, redirect to a malicious web page, inject data, execute system commands and much more.
In a stored XSS attack, the input entered by the attacker is stored in the database, for example in a blog. The script runs for anyone visiting the page, thus affecting everyone who visits that page.
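The reflected and stored cases described above share one fix: encode untrusted data at the point where it is written into the page. The following is an added example, not code from the original page; the function names, the page layout and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: escape untrusted data before placing it in HTML text or
// quoted attribute values. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the search term (reflected) and the stored comments are
// concatenated into the markup unchanged, so any tags in them become live.
function renderPageUnsafe(searchTerm, comments) {
  const items = comments.map((c) => `<li>${c.body}</li>`).join('');
  return `<p>Results for: ${searchTerm}</p><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderPageSafe(searchTerm, comments) {
  const items = comments.map((c) => `<li>${escapeHtml(c.body)}</li>`).join('');
  return `<p>Results for: ${escapeHtml(searchTerm)}</p><ul>${items}</ul>`;
}

// Constructed sample input: a harmless marker script stands in for a payload.
const MARKER = '<script>alert(1)</script>';
const sampleComments = [{ body: 'Nice post & thanks!' }, { body: MARKER }];

function demo() {
  return {
    unsafe: renderPageUnsafe(MARKER, sampleComments),
    safe: renderPageSafe(MARKER, sampleComments),
  };
}

const out = demo();
console.log('unsafe output has live <script>:', out.unsafe.includes('<script>'));
console.log('safe output has live <script>:  ', out.safe.includes('<script>'));
console.log(out.safe);
```

This encoding covers HTML text and quoted attribute values only. Data written into a script block, a URL or a style rule needs the encoding for that context instead.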
Denial of Service attack:
An attacker, with or without the help of bots, can flood the target system and reduce, restrict or prevent it from providing service to authorised clients.