Vanilla: Hidden Stored XSS in nested post embeds

Summary: Comments can be crafted in a way that when quoted will trigger a hidden stored XSS payload. Requires initial user interaction. Description: When quoting a comment, an attacker can edit the insert embed-external data url field to contain a string which when parsed, can result in the...