A stored XSS vulnerability in EspoCRM 5.6.8's email signature field (exploited via polyglot payload bypassing sanitization) allows attackers to steal authentication cookies when victims reply to emails, enabling complete account takeover of any user including admins. The vulnerability stems from unprotected HttpOnly cookies containing Base64-encoded credentials that can be extracted via malicious JavaScript.
A persistent XSS vulnerability on eBay's My World profile section exploited a blacklist-based HTML filter that failed to block deprecated tags like <plaintext>, <fn>, and <credit>. The attacker chained this with event handlers, String.fromCharCode/eval to bypass character limits, missing CSRF protection, and unHTTPOnly cookies to create a self-propagating worm that could steal session tokens.