Google suffered from a cross site scripting vulnerability via UTF-7.
16145040a7cac6e9c01f87901218be0de9bde0bb5338026746f2d8aaaf137f14
Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
2e06f080021ff60bcf8b9cb7489435c704164dac4045d1cfd13d9742c972bf6b
The Atom feed in www.ibm.com is susceptible to cross site scripting attacks.
8594a8f0707bbe9347aa863ec75647e87cd75f7b7fd157f2619aa5aef11de528
In Internet Explorer, using the mhtml: protocol handler and using Outlook Express's feature, arbitrary resources (such as HTML, image, application file and so on) can opened as MHTML formatted file and Content-Type: is disregarded.
379ef6bb17aaa05e0d8acff0481a2b322c0bc4e0908f5922391b81fb379775d0