Norman.com download submission form XSS bug
Vulnerable page: http://www.norman.com/home_and_small_office/trials_downloads/Specified page shows a frame linked from http://newton.norman.com/, so you have to post to that frame in order for XSS to work.
PoC
POST /reg.php HTTP/1.1Host: newton.norman.com
name="><img src=http://te-home.net/images/logo.png>
You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.