Yes, Cross Site Scripting (XSS) errors are all over the place. And YES, they can affect very prominent web sites.
The discussion forum area on Barackobama.com is allegedly the victim of an XSS exploit that redirected comments from Obama’s site to... HillaryClinton.com.
A hacker going by the alias of ‘Mox’ has claimed responsibility for the exploit. Mox argued that the Obama site was not ‘hacked’.
“It is because what I did was not hacking in the sense that I burrowed into some dusty server and changed the Obama site and stole all your credit card numbers. All I did was exploit some poorly written HTML code.”
The application security vendors (Fortify, Coverity, Watchfire, Cenzic, etc.) will all likely have a field day with this one. Clearly, as InternetNews.com and other technical trade outlets have been reporting for the last two years, XSS attacks are a serious issue. With a high-profile public exploit of a presidential candidate's site now attributed to XSS, the notoriety (and popularity) of XSS will unfortunately likely grow even more.