As you might picked up in the news, two 14 year old students found a XSS vulnerability in a popular HTML comment box. Hackers Karim Rahal and Ibram Marzouk found multiple cross-site scripting vulnerabilities in the component.