I reported a bunch of reflected Cross-site Scripting vulnerabilities to Condé Nast in August. Some of them have been fixed:
- Ars Technica
- Golf Digest
- Vogue & Teen Vogue
Update 31-Jan-2013: three sites have been fixed and marked below
Thanks to Jason for helping with the domains above. Some issues are not fixed and my contact does not have direct control of these sites:
Architectural Digest Fixed
Vanity Fair Fixed
Lucky Magazine Fixed
I hope these issues will be fixed eventually.
Users should be careful and avoid clicking on the links that are pointing to XSS vulnerable domains.