These days of several XSS vulns on known sites
The role and seriousness of cross-site scripting (XSS) vulnerabilities has been a subject of recent FD discussion.
The fact is that since Saturday 3rd Nov there are the following widely known targets:
www.paypal.com (two issues)
Additionally, several Yahoo domains have unpatched XSS issues. Mastercardfrance.com has its own XSS vulnerabilities as well.
According to the Xssed.com archives most of these are still unpatched. Some examples:
Symantec: XSS in search function at Enterprise section