Fantastic Vulnerabilities and Where To Find Them (Part 1) — Cross-site Scripting with Django form errors

Why is Cross-Site Scripting (XSS) still the most common web vulnerability? The theory of identifying XSS is pretty straightforward, there are many static analysis tools created to detect it and yet there are so many undiscovered vulnerabilities. So, what gives?

This is a companion discussion topic for the original entry at