XVIDEOS: Stored XSS via SMTP Error Message
Description

A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were passed into the html() method without proper sanitization, allowing an attacker to store and execute arbitrary JavaScript code on the affected page. The vulnerability was classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site…