Here's a quick link recap of the ongoing drama occurring on sla.ckers.org. Dozens and dozens of XSS issues are being disclosed in major websites, even in security companies (Acunetix, F5, ISC2, etc.). Acunetix and F5 say, we're not vulnerable! A couple security industry folk question the strategy of their response and offer they're own two cents worth of advice. The hackers strike back by identifying other XSS issues, this time with pictures of STALL0W3D!1. Acunetix says still no, must have been our honeypot.
Bottom line: Time to find and fix your XSS issues before you end up on the wall of shame, or worse.