{QUOTE-> Over the past two weeks, I worked with Lance James, chief technology officer for Secure Science Corp. and an expert on phishing attacks, to find and report a large number of such flaws in high-profile banking and e-commerce Web sites. The sites we looked at all were vulnerable to what are known as "cross-site scripting" (XSS) attacks, which occur when Web sites accept input from the user -- usually from something like a search box or e-mail form -- but do not properly filter that input to strip out or disallow potentially malicious code. <-QUOTE}
Brian Krebs (http://blog.washingtonpost.com/securityfix/2006/06/flaws_in_financial_sites_aid_s.html)