is any unknown vulnerability from any type considered as 0 day vulnerability ?
as example if i discovered xss vulnerability in a website which is unknown for users and developers, then does that mean i have discovered a 0-day vulnerability ?
or it means a new type of vulnerabilities which is found for the first time ?
according to the first definition i deduce that zero days vulnerabilities is very common and doesn't represent the intelligence or excellence of it's discoverer ! and this deduction is against the public opinion
and according to my other definition i deduce that all known types of vulnerabilities were zero days in the past ! so xss,sql,file upload,RCE..etc all of these were zero days vulnerabilities previously ?
i am really confused
==== edit ===
my question is not duplicated because it's about specific part of zero day definition, the known answer tell me that a 0day is a vulnerability which is unknown for the software developers
but that isn't a precise definition as it keeps some questions unanswered :
like : .. what is the essence of 0day ? is it a new type of vulnerabilities which could be exist in any software or it's just one of that common vulnerabilities which is found in a software without informing it's developers?
if it's a new attack vector so could someone give me an example of a 0day vulnerability of the past which is known now and no longer considered a 0day