I found an interesting article over at the Dark Reading website about a technique that was recently covered at Black Hat Europe. The hack involves combining XSS and CSRF to gain control of a browser and launch attacks against other sites using the users level of access.
An example giving in the article would be to gain control of a corporate users browser and then attack corporate servers from inside the firewall.http://www.darkreading.com/document.asp?doc_id=120801&WT.svl=news1_4
If you're like me, and you've never heard of CSRF before, you can read about it in more detail at wikipedia! http://en.wikipedia.org/wiki/CSRF