Steve Gibson's web site, GRC.com, has been prone to cross-site scripting (XSS) attacks in the past. Given the abundance of information on preventing XSS attacks, it is generally accepted that security companies and professionals should not be vulnerable.
PointBlank Security maintains a list of high profile sites vulnerable to XSS, that includes GRC.com:
Credit: Jeremiah Jacks - FIXED
GRC.com was found vulnerable again, and put in better context as the exploit demonstrates Gibson's claim of having a custom security solution is bunk.