The HP Security Labs blog is pointing to a new database scanning tool called “Scrubbr” that can help check numerous database technologies for the presence of possible stored cross-site scripting attacks.
Scrubbr (download here) is described a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML — it comes with files from the OWASP AntiSamy project, but can be customized as needed.