A new Cross Site Scripting (XSS) vulnerability has been found in IE 11. According to an email sent by David Leo, a researcher with information security company Deusen, to the Full Disclosure mailing list, the vulnerability can allow an attacker to steal anything from a third party domain, and likewise inject anything into a third party domain.