I've been using Acunetix WVS5 recently but the free version is quite heavily restricted and will only check for the more basic XSS exploits plus it takes an aeon to do anything so scanning for flaws takes at least several hours, especially on a project like Beehive.

I know nothing about this stuff, including what it is and isn't safe to say in public without giving too much away, but I'm curious to know more. What damage could someone do with this vulnerability? Big damage?

The one reported by FrSIRT is a cross site scripting flaw which allows injection of Javascript into pages.

 

Symantec haven't got back to me yet regarding their discovery.