Web administrators beware: Cross-site scripting vulnerabilities are now far more attactive targets than more notorious bugs such as buffer overflows, according to new figures from Mitre, a U.S.