XSS vulnerability
By exploiting a Cross-site scripting vulnerability the attacker can hijack a user's session. This means that the malicious hacker can change the user's password and invalidate the session of the victim while the hacker maintains access.