The implications are very simple. With XSS, one can control a target users browser to make it do whatever they want it to do. From here, if one can exploit a browser vulnerability, they can control the target users machine to do whatever it is they want it to do. The rest is how you want to use this kind of access. Cookie theft and location forwarding are just some possible repercussions. zero wrote: > Hi all, > I'm working on a CSS paper, and I was wondering, what are the real > implications of a CSS attack. When some site is vuln to a CSS problem, > you're able to execute code on the web. I've thought about the implications > of this. First of all: > - You can steal cookies from users > - You can send bogus links faking the original site: i.e > http://site/vuln.php?query=