I am kinda new to XSS, but am intrigued by how it works. I have found sometimes you can get javascript messages to pop up and such, but if it's not being stored in a database, what good is it? Take for example Iwillusa.com (a motherboard maker's website). They have a product page that I saw had some html in the URL: http://www.iwillusa.com/products/spec.asp?ModelName=DVD266>u</i>-RN&Su pportID= I edited it and it became: http://www.iwillusa.com/products/spec.asp?ModelName=DVD266u-RN