It's psosible to sniff XML data from different application domain.
vulners.com/securityvulns/securityvulns:doc:6593