cross-site scripting vulnerabilities and exploits