There's a person on Facebook who says our site is vulnerable to a cross-site scripting attack. Anyone curious about finding out more, and seeing if you can reproduce the issue, and then submitting a patch for it? It is probably a fairly simple mis-use of templates, so this doesn't require a security background. -- Asheesh.