Some websites validate some bits and pieces but fail in other cases assuming that user will not pass anything strange there.
French OS Con website is and example of that XSS security risk.
If you go to this wage:
You will see there is a link go back to previous post. Unfortunately this post's id is take straight from the requested URL (GET parameter) without any cast or validation. It is an common case of XSS errors where page number, date or id is passed around in links and it is n...
