We were contacted via Twitter about an XSS vulnerability in giac.org, a security certification company.
Was interested in GIAC certification. Tried to search for security people who are already certified: http://www.giac.org/certified-professionals/directory/search Typed [for phun] in the search field: " onmouseover=alert(document.cookie) x=" Got xss'ed and left their website =)
GIAC followed-up with us via e-mail for the details on the vulnerability, which was quickly fixed.