Even google famous video sharing website Youtube is vulnerable to XSS attacks. The attack is surprisingly simple and I wonder why it has not been tried before.
Hackers were able to use this vulnerability during last days to redirect users to porn websites.
XSS attacks are very difficult to protect against. Input filtering can never be the solution. What is needed in automated tools to systematically protect against this attack.
Dr. Tejeddine Mouelhi