Glossary · Term

XSS

← all terms

Definition

Plain language

An old web security flaw where an attacker sneaks their own code into a web page so it runs in other visitors' browsers.

As stated in the literature

Cross-site scripting — injection of attacker-controlled script into web content; the 'reflected' variant fires in a single request while 'stored' XSS persists in a site's data and executes for every later visitor, used as the historical analogy for persistent prompt injection in agents.

Also called: cross-site scripting

Why it matters: It is a long-studied web attack whose 'stored' form mirrors how malicious instructions can lurk in an AI agent's saved data and fire for future users.

For example, an attacker posts a comment containing hidden script on a forum, and the script runs in the browser of everyone who later views that page.

Heard on the show

“And the authors reach for a historical parallel that I think is the single best thing in the paper — the web went through this exact transition twenty years ago, with cross-site scripting.”
Episode 113 — What If a Prompt Injection Never Left? Attacks That Wait in Agent Memory

Mentioned in 1 episode

  1. 113
    What If a Prompt Injection Never Left? Attacks That Wait in Agent Memory

Related terms