The Internet Storm Center has a great article on the most common vulnerabilities in web applications (XSS or Cross Site Scripting)
https://isc.sans.edu/forums/diary/When+encoding+saves+the+day/20277/
This is where some data is attempted insertion into the web application somehow.
So the unfortunate browser response from Internet explorer is
Internet Explorer: GET /myform/action/post?myparam=”>%20Test
So what you say I don’t use Internet Explorer? Well the people that do are susceptible to attacks that Chrome and Firefox are not and this may not be transparent in all pentests. Make sure to pentest IE vulnerabilities as well.
Make sure and understand the post by Bojan at isc.sans.edu
This is important, as one has to be thorough in pentesting.