{QUOTE-> Thousands of Web sites that were cited last year for harboring security flaws that could be used to attack others online remain a hazard and an eyesore along the information superhighway.

At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user -- usually from something like a search box or e-mail form -- but do not prevent users from entering malicious code or other instructions. <-QUOTE}Brian Krebs (http://voices.washingtonpost.com/securityfix/2009/04/creating_a_public_nuisance_wit.html)

I deal with that problem every single day (hundreds of times).

It seems to be especially bad with hosting companies that offer free websites. Bots auto-generate a site, upload a variety of scripts, and then launch attacks against other websites through the botnet.

Always a good idea to write secure code and make sure your websites are invulnerable to such attacks.