Long ago, I (and maybe many other person, maybe you?? 😀 ) thought that XSS vulnerability is not dangerous. It is so minor bug. That because I was thought that “best” bug is a bug that could be used directly to shell server. Mmmm, maybe right, maybe not so right, maybe wrong at all.
This video shows you how dangerous XSS vulnerability is. In this case, it is combined with lack of secure cookie implementation.
Watch the video here