An anonymous reader writes: You may remember the MySpace worm that automatically infected profiles by using cross-site scripting. Facebook users are vulnerable to a similar exploit, which could be used to compromise accounts or force users to post messages, join groups, etc. A demonstration of the exploit is included.
You are presenting only two options when there are, in fact, more than two options available. 3) Do not illegally pirate copyrighted material.
An anonymous reader writes: There is a cross-site scripting vulnerability on the registration page of popular social networking site Digg.com. The hole allows cookies and sessions of logged-in users to be hijacked, compromising the account. The exploit can be triggered simply by a user clicking a maliciously-crafted link. A full explanation and sample exploit code is available here.
An anonymous reader writes: Bloggers have been buzzing about the new wave of "Web 2.0" campaign sites, but it seems that a lot of presidential candidates haven't bothered to protect themselves from cross-site scripting attacks. A blogger has found a collection of XSS vulnerabilities including the websites of Barack Obama, Joe Biden, John Edwards, Mitt Romney, John Cox, Newt Gingrich, Tom Tancredo, the Democratic National Committee, and even a surprise from Whitehouse.gov. Some of the holes are low-risk, but others would allow a user's accounts on the affected website to be compromised. A victim would simply have to click on a maliciously crafted link that appears to lead to the candidate's site.