Fill in the blanks in the following:

Bob finds a vulnerability on a website that allows him to input javascript code in a url parameter which is then displayed on the html page.

Bob sends Sarah an email with a url link with the javascript code to display a popup box showing her stored cookies.

The stored cookies are only displayed on Sarah's screen and no where else.

Bob found what type of vulnerability:

$[$ Options: persistent XSS$,$ session Hijack, Cookie Theft, Reflected XSS$]$

Bob tried and failed at executing what type of attack:

$[$Options: Cookie theft, Stored XSS$,$ Reflected XSS$,$ SQL injection$]$

This attack is targeting:

$[$Options: Bob, Sarah, The whole world, Sarah's company$]$

Please don't use chatGPT, I have done it multiple times, and went wrong. I need human expert's help.