Thanks for the welcomes. EH seems like a pretty good forum that somehow I never stumbled upon until now.
Also any suggestions on how this page could be improved are welcomed. Although XSS is a fairly old problem, in my experience I find it all over the place in the applications put out at my place of business and across web in general. Even with certain filters protecting against stealing session cookies by stopping harmful tags like script and iframe, I have demonstrated how its possible to deface a webpage overlaying login forms that submit to my controlled server. Not all XSS can lead to something evil, but there are many creative ways they can be used and I see it as a major problem especially when used as a spear phish attack via email.
'all glory to the hypnotoad'