UPDATE: Reddit has posted a blog entry at http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html addressing this.
"Popular social news website Reddit has stopped the spread of a cross-site scripting (XSS) worm that hit the site on Monday.
The XSS worm spread via comments on the site, originally from the account of a user called xssfinder.
Reddit failed to filter out JavaScript in some cases, specifically
when a user hovered his or her mouse over a link, a factor the
miscreants behind xssfinder's account exploited to run a proof of
concept attack." – TheRegister
Read more: http://www.theregister.co.uk/2009/09/28/reddit_xss_worm/
