Web designers making very old mistakes are letting malicious hackers hijack visitors to their sites, say experts.
Many of the loopholes left in the code created for websites have been known about for almost a decade say the security researchers.
The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims.
According to Symantec the number of sites vulnerable in this way almost doubled during the last half of 2007.
Kevin Hogan, director of security operations at Symantec, said the bug-ridden web code was putting visitors to many entirely innocent sites at risk.
"It overturns the whole notion that if you stay away from gambling and porn sites you are okay," he said.
The attack that a malicious hacker can carry out via these web code vulnerabilities is known as cross-site scripting (abbreviated as XSS).
Typically these involve lax control of the data being swapped between a web server and the browser program someone is using to interact with it.
An XSS vulnerability could, for instance, allow attackers to steal the login credentials of a visitor to a site.