Umbraco versions prior to 7.4.0 suffers from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.
20bc965b21baa931f940d7ed6d8a9e9f44777aeb1ea263df14aa21c1cf9f5104
Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal's sad fix was to simply throw an .htaccess file in place to block access to the file.
5bd347c6e00b7474b1898520fa6e4c484efeb9fdb98a576944cad1bd5ccda41a
Live.com suffered from a UI redressing attack.
225b94c84cff17ea94e1fb2b927ea713b15076fee01dcd5ee0b5645ae0ed3abf
The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.
b6ee5497426ebce31868121289c9ae738ae0ad5026abab52cd9dbc4650ad8848