Two cloud security vulnerabilities — in Azure Bastion and Azure Container Registry — were found in Microsoft Azure’s services, which “allowed an attacker to achieve cross-site scripting (XSS) by using iframe-postMessages [and] allowed unauthorized access to the victim’s session within the compromised Azure service iframe,” according to Orca Security.