Attack  ·  Glossary

Stored cross-site scripting (Stored XSS)

An attack where a malicious script is permanently saved inside a website or application — for example, in a chat log or AI pipeline configuration — and then runs automatically in the browser of anyone who views that content. Unlike a one-time phishing link, the script persists and executes repeatedly, potentially taking over admin accounts or injecting further malicious content. In AI chatbot and RAG platforms, this allows even low-privilege contributors to plant code that executes in administrator sessions.
A single stored XSS payload in an AI tool's admin interface can hand attackers full control of the platform, exposing every customer conversation, AI configuration, and integrated credential stored within it.
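As an added illustration (not code from this glossary or from any platform it describes), the following JavaScript renders a constructed chat log for an admin view twice: once by concatenating stored text into HTML, and once with output encoding applied to every stored field. The record shape, the sample entries and all function names are assumptions made for the example.

```javascript
// Constructed sample: chat-log records as they might sit in a platform's datastore.
// The second record is markup saved by a low-privilege contributor.
const storedChatLog = [
  { author: "alice", text: "How do I reset my API key?" },
  { author: "contributor-7", text: '<img src=x onerror="alert(1)">' },
];

// Vulnerable: stored text is concatenated into HTML unchanged, so any markup in it
// becomes live DOM in the session of whoever opens the admin view, on every view.
function renderUnsafe(log) {
  return log.map((m) => `<li><b>${m.author}</b>: ${m.text}</li>`).join("\n");
}

// HTML-encode the characters that can break out of text or quoted-attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every stored field is encoded at output time, including the author name,
// so the browser displays the stored markup as text instead of parsing it.
function renderSafe(log) {
  return log
    .map((m) => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.text)}</li>`)
    .join("\n");
}

// Demo check: true if the output contains a tag that the template itself did not emit.
function containsInjectedTag(html) {
  const withoutTemplate = html.replace(/<\/?(li|b)>/g, "");
  return /<[a-zA-Z!\/]/.test(withoutTemplate);
}

console.log("unsafe render injects a tag:", containsInjectedTag(renderUnsafe(storedChatLog)));
console.log("safe render injects a tag:  ", containsInjectedTag(renderSafe(storedChatLog)));
```

Encoding at output time rather than only filtering at input time also neutralises records that were stored before the fix was deployed.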
OWASP — Cross Site Scripting (XSS)