The following is a first-person narrative, written from the perspective of an attacker utilizing crosssite scripting (XSS) methodology combined with phishing. The intent is to describe motive, method,and consequence. As indicated in April’s toolsmith, XSS is an epidemic. Sadly, it is rarely given its due; XSS is often considered an attack unworthy of much concern. Yet, it is an attack of great consequence,if utilized by a motivated attacker. Statistics claim that 90% of all websites have at least one vulnerability,and 70% of all vulnerabilities are XSS.