Ajax

All the big sites such as Microsoft, Google, eBay, and Yahoo have experienced cross-site scripting flaws in the past but where Ajax does change the threat landscape is that it allows an attacker to exploit XSS vulnerabilities in a more covert manner. Malicious code can make multiple requests in the background while the user will be unaware of anything untoward happening. XSS attacks can be used to steal data, take control of a user's session, run malicious code, or launch phishing scams.