In the newly announced list, the cross-site scripting (XSS) threat score is 46.82. When describing the dangers of cross-site scripting (XSS), CWE wrote: The attacker can transfer private information on the victim’s machine (such as cookies that may contain session information) from the victim’s computer to the attacker. If the victim has the administrator rights of the site, it will pose a major threat to the site.
In compiling the 2020 list, the CWE team referred to common vulnerabilities and exposures (CVE) data in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST). The team also considered the Common Vulnerability Scoring System (CVSS) score associated with each CVE.