This page collects WhisperX intelligence signals tagged #Cross-Site Scripting. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A medium severity Cross-Site Scripting (XSS) bypass vulnerability exists in DOMPurify versions 3.1.3 through 3.3.1. The vulnerability, tracked as CVE-2026-0540 and GHSA-v2wj-7wpq-c8vv, affects the library's `SAFE_FOR_XML` sanitization mode. The flaw stems from missing protection for five rawtext HTML elements (`noscrip...
A high-severity security vulnerability has been identified in the 'Web_Server Service' component. The vulnerability is classified as Cross-Site Scripting (XSS) under CWE-79 and falls under the OWASP A03:2021-Injection category. The core issue is that the process does not encode output, which creates a potential attack ...
A security audit has identified a critical architectural vulnerability in the platform's authentication system. Both access and refresh tokens are currently stored in the browser's `localStorage`. This storage mechanism makes the tokens accessible to any JavaScript code executing on the page. The primary risk is that i...
A security vulnerability report identifies a Cross-Site Scripting (XSS) vulnerability in the RSOLV-dev/nodegoat-vulnerability-demo repository. The vulnerability is classified as HIGH severity and is present in one file. The specific issue is located in `config/env/development.js` at line 11, where the code directly use...
A high-severity reflected cross-site scripting (XSS) vulnerability has been confirmed in a staging environment, allowing attackers to inject and execute arbitrary JavaScript code. The flaw resides in a web application where the value of the `lang` request parameter is copied directly into the HTML document as plain tex...
A high-severity stored Cross-Site Scripting vulnerability has been identified in Grav, a file-based web platform, affecting all versions prior to 2.0.0-beta.2. Tracked as CVE-2026-42612 with a CVSS score of 8.5, the flaw enables publisher-level accounts to execute arbitrary JavaScript through a blacklist bypass in the ...