stored XSS in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side