The XSS was still working at the time this article was posted, although Facebook will correct it soon.
XSS enables attackers to inject client-side script into Web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy (source: wiki).
source: www.techworm.net