There's a thread about it on stackexchange here: http://security.s. . .src-xss-do
It's also a perfect vector for CSRF, and could be used to do almost anything, if the site in question hasn't protected everything dangerous with tokens.Plus with CSRF it's all done silently in the background so the victim would be none the wiser.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.