I have previously mentioned security flaws that Facebook has faced, like how to view Facebook private profile pictures; several other Facebook security flaws were discovered from late 2008 until January 2009. And I'm pretty sure there will be more Facebook XSS hacking in 2009. Some major Facebook XSS vulnerabilities have been published on Xssed.com (the most well-known website for XSS news). And of course, you're welcome to leave this post if you still think XSS is not dangerous at all. Some critical Facebook XSS flaws can infect millions of Facebook members with malware. And it's not impossible for a new Facebook XSS worm to be developed under these circumstances.
The first Facebook XSS vulnerability occurred on the Facebook reset password page:
Mirror: http://www.xssed.com/mirror/55951/
The 2nd: (with POST)
The 3rd:
The 4th: (with POST)