Re:I don't get XSS (Score 1)

From TFA: CTO for White Hat Security Jeremiah Grossman says the companies' whose sites are posted on the message board should immediately fix the XSS vulnerabilities and check their logs to be sure nothing got in. Cross-site Scripting is an attack against the clients not the server. There is no way XSS can be used to compromise the web server. I would expect more from the CTO of White Hat.