@cR0w CVSS is exceptionally bad at scoring XSS

@cR0w the reason for the high score is that gaining control of Aria via XSS would allow a threat actor complete control of all Aria connected hosts and applications. Including public cloud and storage. Ransomware operator's wet dream would be superuser on Aria, because you could whack backups as well as the entire environment.