Does anyone know how serious this is?

Hello, everyone!

I am hoping that someone here can answer how serious Open Source Vulnerabilities, specifically Cross-Site-Scripting vulnerabilities of the Medium risk category, actually are?

More to the point, are they the sort of things that should raise red flags if they exist in the MarCom environment?

If they're not a big deal, could someone suggest how I might talk to a customer that thinks they are a big deal? How might I assure them that the system is not affected by these vulnerabilities?

Thank you,

Craig Hodder