A hacker can leverage flaws in a website’s javascript code to compromise the cookies stored in your web browser, which could lead to them stealing your personal information, or even your login credentials to that website and others. In some cases they could even steal the contents of your system clipboard, other website cookies, and usernames/passwords.
Similar to drive-by downloads, this type of attack can happen when visiting otherwise trustworthy websites. Sadly, the website owner is usually unaware that any of this is even going on.