By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session by stealing cookies. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access.
1. Logon into any wordpress application (localhost or public host) 2. Modifying the value of tab variable in Blubrry PowerPress Version 6.0.4 3. Fill all the variables with ">alert(document.cookie);