This page collects WhisperX intelligence signals tagged #cross-site-scripting. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Security researchers have identified a potential gap in Angular's production-mode security controls that may allow click-triggered cross-site scripting through specific attribute binding syntax. The vulnerability, reported through Angular's official GitHub issue tracker, centers on the interaction between `[attr.onclic...
A cross-site scripting vulnerability has been identified in the webchat channel implementation located at `channels/webchat`. The adapter renders agent responses using `innerHTML` or equivalent methods without applying sanitization, creating a direct pathway for malicious script injection when agent responses incorpora...
A high-severity cross-site scripting vulnerability has been identified in the frontend codebase of the homeschool-hero repository, according to an automated security scan. The finding, flagged by GitHub's CodeQL scanner on May 11, 2026, targets the FileUpload component located at `frontend/src/components/features/FileU...
A critical cross-site scripting vulnerability has been identified in the application's dashboard controller, stemming from unsanitized user input persisted through cookies. The flaw allowed attacker-controlled `params[:font]` values to be stored in `cookies[:font]` and subsequently injected—without escaping—into an inl...