
XSS Gone Wild!

For various reasons I'm going to report this as neutrally as possible.

Apparently F5 and Acunetix, both web security vendors, were found to have XSS holes in their websites, according to RSnake's forum. To be honest with you, yeah, it is embarrassing, but s!@# happens; however, that isn't why I'm posting this news story. I'm posting it because of the backlash that denying these vulnerabilities has caused. If any issue is found in your site and publicly disclosed, admit it, fix it, and move on.

Darkreading Link: http://www.darkreading.com/document.asp?doc_id=104815
RSnake Forum: http://sla.ckers.org/forum/read.php?3,44,632
Lord XSS Blog: http://jeremiahgrossman.blogspot.com/
POC Screenshots at n074h4x0r: http://n074h4x0r.blogspot.com/
SecuriTeam Blog: http://blogs.securiteam.com/index.php/archives/649
