All reported issues has been fixed. Packet Storm entry has been updated: http://packetstormsecurity.com/files/118249/Penske-Media-Corporation-Cross-Site-Scripting.html
Multiple Penske Media Corporation (http://www.pmc.com) web-sites are vulnerable to reflected Cross-site Scripting attacks. Vulnerable sites 20-Nov-2012:
Variety.com, La411.com, NewYork411.com and Deadline.com
Senior Director of Engineering at PMC contacted me shortly after this post. Security issues are being addressed in effective manner.
– Deadline.com – Issue has been fixed during Thanksgiving holiday
According to PMC, rest of the vulnerabilities should be fixed in the near future.
I reported the findings initially to various contacts at Variety on 16-Oct-2012. All reporting attempts apparently failed, because there has been no response.
Users should be careful and avoid clicking on the links that are pointing to XSS vulnerable domains.