An Oldie but Goodie: The Cross-Site Scripting Vulnerability
Most commonly exploited avenues are search boxes or online forums. All an attacker has to do is insert malicious code in between scripting tags that the Web page will accept, by using <FORM> or <APPLET> tags, for instance. What makes this vulnerability especially prevalent is the number of different languages and technologies a Web designer needs to understand in order to protect against it. The exploit is possible using CGI, Perl, JavaScript, Java, .ASP, C++, and simple HTML.
The link for this article located at EarthWeb is no longer available.