Norman has an XSS vulnerability. You can see an archive of it and any status update regarding it being fixed at XSSed.com.
XSS URL provided: http://www.norman.com/site_search/en?searchString%3Autf8%3Austring="><iframe src=index.htm
