Hackers at a website have posted a number of cross-site scripting (XSS) vulnerabilities in a number of sites, including security vendors Eeye, F-secure and Cisco.
As you probably know, cross-site scripting is a method to where something from one source can be inserted into another. A common use is in phishing, such as making a phishing site magically appear to be the real financial site.
For example, clicking here will take you to the Sun site, with a wonderfully self-serving message. (And if you want to get really irritated, click here to go to the Cisco site, but don’t tell me I didn’t warn you).
Brian Krebs has more details, here.
Alex Eckelberry
UPDATE: The XSS links above have been fixed by at least Cisco. I think the Sun one should still work.