Avast.com suffers from a cross site scripting vulnerability. This was sent to Packet Storm anonymously and was reported to the vendor. The vendor has not addressed the issue for months so it is being disclosed publicly in order to shed light on the issue.
1c3a06c072fae66bc640f5b7d482bbf52f72ae43fd03ae40a890739e3abdc7e3