XSS vulnerability found in myOpenID site by inj3ct0r Team


An XSS vulnerability was found in the largest independent OpenID provider, "myOpenID". It was discovered by "SeeMe", a member of Inj3ct0r Team.

Using this XSS vulnerability, an attacker can perform session hijacking (stealing the session ID). The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attacker can write a script that runs in the user's browser, reads the value in the cookie and sends it to the attacker. The attacker can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page.
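A script can only read the session cookie if the cookie was issued without the `HttpOnly` attribute. The following is an added example, not code from the original post or from myOpenID: a Node.js check that flags session cookies in `Set-Cookie` headers that page scripts could read. The cookie names, the name heuristic and the sample headers are assumptions constructed for illustration, and the `Secure` check goes slightly beyond the text.

```javascript
// Audit Set-Cookie headers for session cookies that page scripts could read.
// All header values and cookie names below are constructed samples.

// Assumption: session cookies are recognised by a name heuristic.
const SESSION_NAME_HINT = /sess|sid|auth|token/i;

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: nothing to audit
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1), attrs };
}

// Return one finding per session cookie that lacks a protective attribute.
function auditSessionCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const cookie = parseSetCookie(header);
    if (!cookie || !SESSION_NAME_HINT.test(cookie.name)) continue;
    const issues = [];
    if (!cookie.attrs.has('httponly')) {
      issues.push('missing HttpOnly: value is readable through document.cookie');
    }
    if (!cookie.attrs.has('secure')) {
      issues.push('missing Secure: value is also sent over plain HTTP');
    }
    if (issues.length) findings.push({ name: cookie.name, issues });
  }
  return findings;
}

// Constructed sample headers: two weak session cookies, one hardened, one unrelated.
const sampleHeaders = [
  'sessionid=abc123; Path=/',
  'SID=def456; Path=/; Secure; HttpOnly',
  'theme=dark; Path=/',
  'auth_token=ghi789; Path=/; Secure',
];

console.log(JSON.stringify(auditSessionCookies(sampleHeaders), null, 2));
```

`HttpOnly` keeps the session ID out of reach of injected script, but the script can still read the rest of the page, so the XSS flaw itself has to be fixed as well.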



PoC is here.

To know more about XSS Vulnerability and risks