n8n has XSS in Chat Trigger Node through Custom CSS

Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...

Moodle Cross-site Scripting vulnerability

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk...