A mаliciоus user discоvers thаt а web applicatiоn takes unvalidated user input from a form field and immediately uses it to construct the content of a hidden element on the same page before the page is rendered. The attacker submits the following payload in the form: When a victim clicks a specific link (or visits a specific URL) containing the attacker's payload, the script executes, stealing the victim's session cookie and sending it to the attacker's server. Question: Based on the method of attack and the fact that the malicious code is delivered via a unique link or input and is not permanently stored on the server, what type of XSS vulnerability is this?