nba.com - XSS
Details:
Parameter successURL in /webAction?actionId=emailFormRandom^Name=&Email=&Comment=&=Submit&=Reset&ReferringURL=&emailTo=technicalsupport%40nba.com&emailFrom=technicalsupport%40nba.com&successURL=%2F&subject=NBA.com+404+Error+Message is vulnerable to "+onerror="alert(1)" XSS input.

Proof Of Concept:
hxxp://www.nba.com:80/webAction?actionId=emailFormRandom