LinuxSecurity: "Big internet names are vulnerable to a hacker technique despite more than 18 months' worth of warnings, claims a security
expert. Security watcher Dave deVitry, of Infigon Technologies, released a shortlist of high-profile sites he claims are still
vulnerable to Cross Site Scripting including Citibank, Google, CNet, Oracle, MSNBC and eBay, complete with samples. And
yes, some of them do show signs of the vulnerability."
November 21, 2001