Recently we exploited nice XSS vector in one of RBS (Remote Banking Service) system. This example shows very well how dangerous can be client-attack.
Client after the authorization could sign electronic documents.
For signature from browser developers used CAPICOM technology.
read more........http://lab.onsec.ru/2013/04/how-xss-can-defeat-your-digital.html