An Azure zero-day XSS with sandbox escapeChaining a command injection into a stored XSS that jumps from a compromised SaaS site to the Azure administrator through the Kudu console.
XSS explainedThe three ways to deliver a Cross-Site Scripting payload, the attack vectors that make it dangerous, and a short history of XSS in the wild.