"The takeaway is that researchers are paying a lot more attention to web vulnerabilities, and if companies don't want to get caught up in that, then they need to pay attention to those flaws," said Steven Christey, the security researcher that authored the draft report and the CVE Editor for The MITRE Corp., a nonprofit government contractor.

The jump in web-based vulnerabilities is fueled by the simplicity of exploiting many of the most common web vulnerabilities, the enormous number of web applications freely available, and the difficulty in eradicating cross-site scripting flaws. " - TheRegister

TheRegister Link http://www.theregister.co.uk/2006/09/18/web_vulnerabilties/
Blog Link (With additional links and charts):
http://jeremiahgrossman.blogspot.com/2006/09/web-app-vulnw-take-over-top-spots.html