The Microsoft Azure HDInsight open-source analytics service has a number of cross-site scripting (XSS) vulnerabilities that have been addressed but might still be used by threat actors for harmful purposes. Microsoft fixed the problems as part of their August 2023 Patch Tuesday upgrades.
According to a report given to The Hacker News by Orca security researcher Lidor Ben Shitrit, “the identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivering malicious payloads.”