The vulnerability, which Fortify calls "JavaScript hijacking," can be exploited in Web. 2.0 applications that make use of Asynchronous JavaScript + XML (AJAX) technologies and have been.