A very good example of XSS is when a malicious user executes a script in a valid shopping site URL then a user will be forwarded to a bogus but identical page. The malicious page would run a script and will capture the cookie of the user browsing the shopping site, and that cookie returns to the malicious user who can now take control of the legitimate user’s session.

In this case no real hack has been performed yet against the shopping site anyhow XSS has still breached a scripting weakness in the page to snare a user and take command of his session.