Privilege escalation via cross-site scripting with MITRE ATT&CK