All "topic sites" on about.com suffer from cross site scripting and iframe injection vulnerabilities. The researcher has reported this to about.com but they have not responded nor addressed the issues since October, 2014.
6b185b212d9c7e8b5cca27a8726c53efde81fba88595fbd45215392b45fc3395
SnipSnap versions 0.5.2a, 1.0b1, and 1.0b2 suffer from a cross site scripting vulnerability. This vulnerability was already previously discovered by Sony in February of 2012.
fcea8ba9882cab2ac85b8f16e4498e3aa6343df7e0a6823369ecd9b60bd92259
SmartCMS version 2 suffers from multiple cross site scripting vulnerabilities.
d555b444dbeca536ed18b052a1222905eb7bad519789a5478cf859d96838bbc8
SmartCMS version 2 suffers from multiple remote SQL injection vulnerabilities.
e1e15790d42f90cde2cfadfe486a281cb2d46f6ec3aa8cb911ff47fef02976c6
Various Alibaba sites suffer from cross site scripting and open redirect vulnerabilities.
4122adb3397a297f4e601144cc131e86b766b44301d48f154f47babf55aaeed6
This advisory discusses open redirect issues in Facebook, both old and new.
4aa7a6ba3a89f57a83a96ba40e358dfc5dc69f38da33da44ddb91cbefd30001b
SoftBB version 0.1.3 suffers from a remote SQL injection vulnerability.
a9bb05a54bd65d9af31a678686b7470862a10aaaebecb3d2413aa5f42f59e1c6
SoftBB version 0.1.3 suffers from a cross site scripting vulnerability.
0ca30b39797f9ec334d5344c1f04d6191ef6d5d061f806698971f94c3a84e33c
Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.
17a847f6cf2d103df094c681d21bff37daf5bd35df9356102400dd835ed770a6
Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.
a3b5ead6e76494619c7357d9c2e36a3ff71e90dec08243d6f7e34d5f87d1d734
The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.
0d6722f00690a9f4f5bb9bcaf068b17df31ede688b0b375bd5e9204e1bce1236
TennisConnect version 9.927 suffers from a cross site scripting vulnerability.
f244ce41ca3796d1fe50df063102d77a36ce63a9dccf714002f9f9bc5e5626eb
JCE-Tech version 4.0 suffers from a cross site scripting vulnerability.
441a179317009110053a59995e002c92691f62f5c3041ef3ea86ee2cfe8b31c8
goYWP WebPress version 13.00.06 suffers from multiple cross site scripting vulnerabilities.
a21be4dd03bd59d3528f15a9288cff274f06afcc7ee938c5319f87766878e5f3
espn.go.com suffers from cross site scripting and open redirection vulnerabilities.
5b0500a08b374806d0cceeb29f4910ac61b0bf1fa95d2f59f39a461e09d32362
PingFederate 6.10.1 SP Endpoints suffers from an insecure open redirection vulnerability.
307ec0f26e1b56f889b6bc6eba42d8c7a38d6b28d7d8b41024565f9b0ee148f5
The India Times site suffers from multiple cross site scripting vulnerabilities.
27ec2357a0f195cb6415de9ecdba19bb9890d2d4f6cbd1342c38d2f4dcf4dd04
WordPress Ad-Manager version 1.1.2 suffers from an open redirection vulnerability.
481e53868adfd461ba5cde08f15d349c49cb6d5d3b80e29c05bf4b37ff39b763
Springshare LibCal version 2.0 suffers from a cross site scripting vulnerability.
4c0fe54916f30cdf49c6c044a53f873e35b2d1c4e776981a9ad714a82f7cc20f
Weather Channel's weather.com suffers from multiple cross site scripting vulnerabilities.
4659c08736f1b4bac545584b83972e574cc06de7ed4a970775fe6adbe922aacd
Atlas Systems Aeon versions 3.5 and 3.6 suffer from a cross site scripting vulnerability.
9ba04841645a78bda5e98d5917531ade59b39c79cb2d4828e6134f5a2d31375a
Google's DoubleClick suffers from open redirection vulnerabilities.
c23752baac6dd86cbf0176e6fdab70b9a1f185b1490d25b9a4eff4e7a5816ba2
Newtelligence dasBlog versions 2.1 through 2.3 suffer from an open redirection vulnerability.
acebdebb88e6ab98df4acc6febaad346406e10e0b78ca1a47d536a53a745058c
Multiple mozilla.org subdomains suffer from cross site scripting vulnerabilities.
1ecac9ea2c3cd9ffb7c4f35cbd560d270dc09bf2897a3217a41258f6d63cf053
OpenX version 2.8.10 suffers from multiple open redirection vulnerabilities.
777dfe1778ebee43de5c7970fcfe167872cabea8a13c7106abd4b6f0931c742f