To be more precise our link is http://finance.google.com

Ok..My XSS alert is here:

http://finance.google.com/finance/po...ction=add&hash

How you see in the screen we need authentication.



Good,I go inside with my account and now I try to add something on my
Portofolio. I try to add something like this

OR: like this



After I have put that string and I press the key "Add to portofolio" we
can see the surprise




That's all.