These days of several XSS vulns on known sites

The role and seriousness of cross-site scripting (XSS) vulnerabilities has been a subject of recent FD discussion.

The fact is that since Saturday 3rd Nov there are the following widely known targets: (two issues)
Additionally, several Yahoo domains have unpatched XSS issues. has its own XSS vulnerabilities as well.

According to the archives most of these are still unpatched. Some examples:

Symantec: XSS in search function at Enterprise section

Apple Developer Connection: XSS in search function
FBI: XSS in redirect-type URL (try manually)

Bank of America: XSS on Sign In page (https) has fixed both of its issues.