An Author user could be exploited by use of โselfโ XSS. This usually requires social engineering and user interaction.