Cross-site scripting is one of the biggest Web application threats. XSSed.com, which claims to have the world’s largest database of publicly revealed bugs, recently began offering a free e-mail alert service to notify companies when they receive a vulnerability affecting the company’s site. To date, the site says it has posted more than 17,000 listings; visitors can locate relevant vulnerabilities with the help of a search engine. The archive relies on submissions in addition to listings from other IT security forums and sources. It also includes related vulnerabilities, including HTTP response-splitting, open redirects, and other phishing-related issues. It’s this months Site to See.