On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com which is the Twitter Translation Center.
While checking the service I landed up on the "Accounts Settings" page which looked like this.
So we've two options here, first one toggles the Twitter Badge setting on Twitter.com and second one toggles the badge related notification.
POST request
Around half dozen XSS vulnerabilities were found on three subdomains of Symantec Corp. by me
http://clientui-kb.symantec.com
http://sfdoccentral.symantec.com
http://engweb.symantec.com
All the reported vulnerabilities have