An attacker could exploit the vulnerability by constructing a Web page that, when visited by the user, would execute code of the attackers choice with user privileges.