E-Commerce Times : E-Commerce Sites Fail Security 101 An article covering more of the Cross Site Scripting holes I posted here. The only misleading thing in the article is that it may appear that you could get a list of credit card numbers of multiple people at a time. That's not really true, one could have only gotten user information one person at a time, going through their browser. What I really liked about the article is that it's the first one to indicate just how common this problem could be.