This page collects WhisperX intelligence signals tagged #XSS vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw in EmpCloud's API allows attackers to inject and store malicious JavaScript code directly into the platform's announcement system. The vulnerability, a classic Cross-Site Scripting (XSS) issue, was discovered in the `POST /api/v1/announcements` endpoint. During testing, raw HTML and JavaScript ...
A critical internal security audit has been initiated to assess potential cross-site scripting (XSS) vulnerabilities across all user-generated content rendered by the application. The audit targets a wide attack surface, including practice item titles and notes, session notes, improvement notes, weak spots, assignment ...
A critical security concern has been raised in the Nester decentralized application frontend. The `wallet-provider.tsx` component, located at `apps/dapp/frontend/components/wallet-provider.tsx`, persistently stores the connected wallet's public key and wallet provider identifier in the browser's `localStorage` under th...
A high-severity vulnerability, CVE-2026-44665, has been identified in the fast-xml-builder npm package (versions prior to 1.1.7), exposing applications to attribute injection attacks. The flaw, detected by Trivy security scanning, stems from improper handling of quotes within XML attribute values when entity processing...