This attack utilizes the frequent client-server roundtrips in Ajax
						conversation to scan a system. While Ajax does not open up new
						vulnerabilities per se, it does optimize them from an attacker point of
						view. In many XSS attacks the attacker must get a "hole in one" and
						successfully exploit the vulnerability on the victim side the first time,
						once the client is redirected the attacker has many chances to engage in
						follow on probes, but their is only one first chance. In a widely used web
						application this is not a major problem because 1 in a 1,000 is good enough
						in a widely used application.