Team Elite, a team of white-hat hackers, disclosed last week cross-site scripting (XSS) vulnerabilities on the sites of three antivirus vendors: Symantec, ESET, and Panda Security. All three vendors promptly closed the vulnerabilities. The mere fact that the sites of security specialists host such well-known vulnerabilities highlights how difficult it is to create clean, secure software or a clean, secure site.
XSS is probably one of the most widespread (and fastest-growing) vulnerabilities on the Web. The next issue of the security newsletter (#17, to be issued within a fortnight) will touch on XSS. XSS is to Web sites what buffer overflow is to normal software: a well-known issue that nevertheless always appears.
The site of Team Elite is a nice repository of many vulnerabilities.