XSS isn't a critical issue. CVSS2 define a standard XSS ~4.3/10, more critical are CSRF ~6.8 or Open Redirect ~5.8. It's no sense public XSS in ONE website on this list! Too many websites are vulnerable. If someone have a nice XSS in software like phpmyadmin, it could be interesting.
-- Best regards, Maksymilian Arciemowicz ( http://cifrex.org/ )
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
