The tool takes advantage of cross-site scripting, a common bug in Web sites that takes control of a user's browser when he or she clicks on a specially crafted link, or in some cases, simply visits a compromised page.

FORBES: Magazine Article

The security world has long seen the Web as a buggy, infected tangle of sites vulnerable to hacks like cross-site scripting and SQL injection.

FORBES: Researchers Say Hijackable Bug Infects 30% Of Websites