Salesforce plugs silly website XSS hole, hopes nobody spotted it - Secure Hunter

Web development 101: Thou shalt stop thy users from inputting JavaScript

A cross-site scripting (XSS) vulnerability on Salesforce’s website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm.…

