And an attack can also modify data. Even "public" data, like Wikipedia info, could be valuable to modify. You can attack a user that way by providing misleading information. Or carry out XSS-like attacks. Or just insert spammy links or redirections all over the page.