Update: Dealsandyou has fixed the bug. Responded on twitter with a thanks.

I was looking at dealsandyou.com a couple of days back and something (may be their bad design) made me do a XSS vulnerability test on their “Search” input box using the XSS Locator code snippet. Voila!, an alert box popped up confirming my hunch. Continue reading