According to security blogger David Lynch (http://http://davidlynch.org/), he has found a severe XSS vulnerability in Eyewonder Ad Network, including CNN, NY Times and Fox News involved in this vulnerability.
(Figure 1: CNN)
(Figure 2: NYTimes)
(Figure 3: Fox News)
(Figure 4: Hi, Lionic!)
Test links are as following:http://edition.cnn.com/eyewonder/interim.html?src=http://davidlynch.org/projects/xss/eyewonder.js
var query = window.location.search;
var adUrl = query.substring(5, query.length);
Any severe attacks can make it by filling query string with malicious JS, like figure 4. injects "Hi, Lionic!" into CNN website.