I was cruising some local web design/development competition in my area (portfolio browsing in particular), when I checked out this site. Curious about their layout choice, I opened up the source. Near the bottom, they were very clearly the victim of a cross-site scripting attack. I have already notified the site owner as well as the company that did the development. I thought Hacker News might find this somewhat interesting though, as I know I've heard all about this, but never actually seen/discovered one.