Clear explaination of XSS (Cross Site Scripting) vulnerabilites
This article also describes the difference between many different "injection" techniques, including HTML, SQL, and Metacharacter injections.
Common Security Problems in the Code of Dynamic Web Applications : Hackers Center : Internet Security Archive: Exploits, Patch, Security Articles, Advisories
Common Security Problems in the Code of Dynamic Web Applications : Hackers Center : Internet Security Archive: Exploits, Patch, Security Articles, Advisories