The dangers of having XSS vulnerabilities in AJAX-enabled web applications. Many websites offer a customized homepage with widgets or modules of code that let you bring many pieces of information together on your homepage. An attacker could craft a malicious JavaScript virus that would infect the user's page to control the stock trading widget. The vulnerability can be easily fixed by employing strict input checking using a whitelisting algorithm and HTML-encoding all output to the browser. The best technique for whitelist input checking is using regular expressions. Regular expressions should be built into a validation library.
Source: https://www.csoonline.com/article/2136908/crashing-the-stock-market-with-xss-and-ajax.html
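
The fix described above (whitelist regular expressions kept in one validation library, plus HTML encoding of all output) can be sketched as follows. This is an added example, not code from the article; the field names, patterns, and the renderOrder helper are assumptions for a hypothetical trading widget.

```javascript
// Added example: allow-list validation library plus HTML output encoding.
// Field names and patterns are assumptions for a hypothetical trading widget.
const RULES = new Map([
  // Anchored with ^ and $ so the whole value must match, not a substring.
  ["symbol", /^[A-Z]{1,5}$/],
  ["quantity", /^[1-9][0-9]{0,5}$/],
  ["side", /^(?:buy|sell)$/],
]);

// Accept a value only if a rule exists for the field and the value matches it.
function validate(field, input) {
  const rule = RULES.get(field);
  const ok = rule !== undefined && typeof input === "string" && rule.test(input);
  return { ok, value: ok ? input : null };
}

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode the five HTML-significant characters before writing text into markup.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validate every field, then build the widget's response markup.
function renderOrder(params) {
  const rejected = [...RULES.keys()].filter((f) => !validate(f, params[f]).ok);
  if (rejected.length > 0) {
    // Rejected input is still untrusted when echoed back, so it is encoded.
    const shown = rejected.map((f) => `${f}=${encodeHtml(params[f])}`).join(", ");
    return { accepted: false, html: `<p class="error">Rejected: ${shown}</p>` };
  }
  const { side, quantity, symbol } = params;
  // Validated values are encoded too: validation and encoding are separate layers.
  const line = [side, quantity, symbol].map(encodeHtml).join(" ");
  return { accepted: true, html: `<p>${line}</p>` };
}

// Constructed sample requests: one well-formed, one carrying markup.
const good = renderOrder({ symbol: "MSFT", quantity: "100", side: "buy" });
const bad = renderOrder({ symbol: "<script>alert(1)</script>", quantity: "100", side: "buy" });
console.log(good.html);
console.log(bad.html);
```

Keeping every pattern in one table means a new widget field cannot be accepted until someone writes an explicit rule for it.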

