1. EmpCloud API Exposes Stored XSS Vulnerability in Policy Endpoint
A critical stored cross-site scripting (XSS) vulnerability has been identified in the EmpCloud API, allowing attackers to inject and persistently store malicious JavaScript code within the platform's policy management system. The flaw resides in the `POST /api/v1/policies` endpoint, which accepts and stores raw HTML an...