Cross-Site Scripting Tops CWE’s Most Dangerous List