Hi! There are a lot of CSS vuln discovered everyday. As i have understood Cross site scripting is all about stealing a cookie, right? Cookies do not contain logins and passwords in them. So what is so important about them? I know that you can steal someone's session id and enter his mailbox but still you are limited. I am not quite familiar with it so my question is what is the worst thing attacker can do (besides stealing cookie), with a website which is vulnerable to cross site scripting? Please enlighten me! Thanks
--------------------------------------------- This message was sent using Endymion MailMan. http://www.endymion.com/products/mailman/
