> JavaScript can provide phishing and accessing cookies, but beyond that, I'm not really sure what else it can offer
if you had success putting your JS payload on target website you can do anything. Period. From from stealing user's passwords (http://homakov.blogspot.com/2012/11/xss-save-your-password-p...) to executing any authorized request POST /send_money. The last thing attacker will do is to "phish" you.
if you had success putting your JS payload on target website you can do anything. Period. From from stealing user's passwords (http://homakov.blogspot.com/2012/11/xss-save-your-password-p...) to executing any authorized request POST /send_money. The last thing attacker will do is to "phish" you.