recently I learned some web page hacking and it went well. The tutorial covered SQL injection, brute forcing, file inclue / upload vulnerabilities and other stuff. Everything went well, however I still have a huge question mark on cross-site scripting.
What can you do with this kind of vulnerability ?
Please enlight me =)