Cross-Site Scripting: Attackers’ New Favorite Flaw