Definition
An attack where a malicious script is permanently saved inside a website or application — for example, in a chat log or AI pipeline configuration — and then runs automatically in the browser of anyone who views that content. Unlike a one-time phishing link, the script persists and executes repeatedly, potentially taking over admin accounts or injecting further malicious content. In AI chatbot and RAG platforms, this allows even low-privilege contributors to plant code that executes in administrator sessions.
Why it matters
A single stored XSS payload in an AI tool's admin interface can hand attackers full control of the platform, exposing every customer conversation, AI configuration, and integrated credential stored within it.