Microsoft addressed two XSS vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to sessions.