Definition
Plain language
An old web security flaw where an attacker sneaks their own code into a web page so it runs in other visitors' browsers.
As stated in the literature
Cross-site scripting — injection of attacker-controlled script into web content; the 'reflected' variant fires in a single request while 'stored' XSS persists in a site's data and executes for every later visitor, used as the historical analogy for persistent prompt injection in agents.
Also called: cross-site scripting
Why it matters: It is a long-studied web attack whose 'stored' form mirrors how malicious instructions can lurk in an AI agent's saved data and fire for future users.
For example, an attacker posts a comment containing hidden script on a forum, and the script runs in the browser of everyone who later views that page.
Heard on the show
“And the authors reach for a historical parallel that I think is the single best thing in the paper — the web went through this exact transition twenty years ago, with cross-site scripting.”Episode 113 — What If a Prompt Injection Never Left? Attacks That Wait in Agent Memory