Often this Cross Site Scripting has been talked during some site updates and been forgotten. Perhaps if you have installed .NET Framework 1.1, then Scripting and HTML tags via QueryStrings or HTML form tags are just stopped by the framework with the message similar to the following one:
Of course, the framework gives an option to enable the page being exempt from this HTTP Request Validations. But it is strongly recommended to have the framework validate your requests before they are being processed by our scripts. Is'nt it?
configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.