Automatic completion of passwords in web forms allows attackers to grab your password if an XSS vulnerability exists. We don’t usually associate XSS vulnerabilities with compromised passwords, but it is sometimes possible to steal login credentials through XSS vulnerabilities on a website. Take a look at the example attack below.