According to xssed.com, a new XSS flaw was found in Facebook on January 28, 2011. This vulnerability leaves users at risk of scripting attacks and login phishing. Here is a harmless proof of concept:
Attackers can trick users into visiting fake login sites or lead them to other websites hosting malicious code.
Demo of Facebook affected by XSS vulnerability
This vulnerability has not been fixed yet, so users should be cautious when using Facebook.
Yesterday, January 27, 2011, another XSS vulnerability was also found in Facebook. However, that flaw has been fixed. XSS is the major vulnerability that Facebook has encountered in recent years.