This page collects WhisperX intelligence signals tagged #stored XSS. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical stored cross-site scripting (XSS) vulnerability has been identified in the EmpCloud API, allowing attackers to inject and persistently store malicious JavaScript code within the platform's policy management system. The flaw resides in the `POST /api/v1/policies` endpoint, which accepts and stores raw HTML an...
A stored Cross-Site Scripting (XSS) vulnerability has been identified in Apache Superset's chart visualization component. The flaw allows an authenticated user with chart edit permissions to inject malicious code into column labels, which the application fails to sanitize before rendering. When other users interact wit...
A stored cross-site scripting (XSS) vulnerability in Yuzu has been identified, allowing controlled agent endpoints to inject malicious JavaScript payloads into the dashboard through unescaped event fields. The flaw affects GuaranteedState event records that store agent-supplied `detected_value`, `expected_value`, and `...
A high-severity stored Cross-Site Scripting vulnerability has been identified in Grav, a file-based web platform, affecting all versions prior to 2.0.0-beta.2. Tracked as CVE-2026-42612 with a CVSS score of 8.5, the flaw enables publisher-level accounts to execute arbitrary JavaScript through a blacklist bypass in the ...