Exploiting cross-domain scripting vulnerabilities?

[Alla Bezroutchko <alla () scanit be>]

Hello all,

Quite a few browser vulnerabilities (BugTraq ID 5473 - Web Folders HTML 
injection - being the latest) allow a web site to execute HTML code in 
"Local Computer" security zone. At least those bugs allow a web site to 
read local files. My question is: is there anythign else you can do with 
this type of bug? Like running arbitrary commands?

Usually you have a piece of text of limited size that you can inject. 
This rules out Java applets as far as I understand. Wscript.Shell 
ActiveX control also seems to be a problem because IE shows a dialog box 
saying something about unsafe ActiveX controls. So is there anything 
else interesting one can do with cross-domain scripting?

Alla.