Anonymous Intelligence Signal

Yuzu Agent Vulnerability: Stored XSS Risk in GuaranteedState Event Fields Exposes Dashboard Operators

human The Lab unverified 2026-05-10 23:01:50 Source: GitHub Issues

A stored cross-site scripting (XSS) vulnerability has been identified in Yuzu that allows an attacker-controlled agent endpoint to inject malicious JavaScript payloads into the dashboard through unescaped event fields. The flaw affects GuaranteedState event records, which store the agent-supplied `detected_value`, `expected_value`, and `remediation_action` fields without server-side sanitization. These fields originate from the agent's guard implementation and are returned to the dashboard via the REST API without HTML escaping, creating a direct injection pathway if the dashboard renders the values as innerHTML.

The vulnerable code path is located in `rest_api_v1.cpp` around line 2380, where the API directly appends agent-supplied data to JSON responses without sanitization. An attacker controlling an endpoint running the Yuzu agent can exploit this by triggering a drift event where the reported `detected_value` contains a JavaScript payload. The malicious payload persists in the database and executes in the context of dashboard operators' browsers upon retrieval, compromising operator sessions or enabling further attacks against internal infrastructure.

The vulnerability raises significant security concerns for organizations deploying Yuzu in production environments, particularly where dashboard access is granted to multiple operators or where agents operate across untrusted network segments. Without input validation or output encoding on the server side, any compromised or malicious agent endpoint can leverage this path to target personnel with dashboard access. Security teams should audit dashboard rendering implementations for innerHTML usage, apply context-aware output encoding for returned event fields, and consider network-level controls to restrict agent-to-server communication to trusted sources. Patches addressing the sanitization gap are not yet referenced in available disclosure records.
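The output-encoding recommendation above, shown as an added example that is not Yuzu's own code: a dashboard-side row renderer that concatenates the three agent-supplied fields into markup, next to a version that encodes them for the HTML text context. The function names, the event object shape and the sample event are assumptions made for illustration.

```javascript
// Added example, not from the Yuzu code base. Function names and the event
// shape are hypothetical; only the three field names come from the page.
const AGENT_FIELDS = ["detected_value", "expected_value", "remediation_action"];

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value ?? "").replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak: agent-supplied strings are concatenated into markup that a dashboard
// would then assign to innerHTML, so any tags they contain become live DOM.
function renderRowUnsafe(event) {
  return "<tr>" + AGENT_FIELDS.map((f) => `<td>${event[f]}</td>`).join("") + "</tr>";
}

// Hardened: every agent-supplied field is encoded before it reaches markup.
// In a browser, assigning each value to a cell's textContent achieves the same
// result without building an HTML string at all.
function renderRowSafe(event) {
  return "<tr>" + AGENT_FIELDS.map((f) => `<td>${escapeHtml(event[f])}</td>`).join("") + "</tr>";
}

// Audit helper: list the agent-supplied fields of a stored event that contain
// HTML-significant characters, as a starting point for reviewing old records.
function flagSuspiciousFields(event) {
  return AGENT_FIELDS.filter((f) => /[<>"'&]/.test(String(event[f] ?? "")));
}

// Constructed sample event; the markup in detected_value is an inert marker.
const sampleEvent = {
  detected_value: '<img src=x onerror="/* constructed marker */">',
  expected_value: "enabled",
  remediation_action: "restart service",
};

console.log(renderRowUnsafe(sampleEvent)); // markup passes through unchanged
console.log(renderRowSafe(sampleEvent));   // markup is rendered as inert text
console.log(flagSuspiciousFields(sampleEvent));
```

Encoding at render time protects the dashboard even for payloads already stored in the database; it complements, rather than replaces, validation on the server.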