From the doc: 'a new way to inject HTML scripts, which makes use of the same method described in the paper by Jochen Topf called The HTML Form Protocol Attack. This novel method of injecting Active Scripts allows a person, who has knowledge of the services running on a network, to steal cookies, which can possibly mean hijacking of Web Application authentication as well as other sensitive information stored in cookies'