When the script runs, the hacker gets access to steal the cookies. When a server or a website lacks essential security parameters, the hackers can easily inject client-side scripts, like JAVA ...