A McAfee spokeswoman said the company rates XSS vulnerabilities less severe than SQL injections and other types of security bugs. “Currently, the presence of an XSS vulnerability does not cause a web site to fail HackerSafe certification,” she said. “When McAfee identifies XSS, it notifies its customers and educates them about XSS vulnerabilities.”
Sign in with 
OpenID
Really ? If McAfee have this backwards an attitude towards XSS vulnerabilities, then do they even bother to identify XSRF problems ?