Approximately 3/4 of the top 30 status code checking tools are all vulnerable against basic XSS. Thought I'd share this rather fun method. Checkout "netcat security.gracey.ca 1500" for details.