This Web site has a search box:

Sonic.net

BUT you can inject text after the phone number and it's not filtered.

Try this:

123-123-1234<b>bold

You can see the text turn bold.

Then try this:

123-123-1234<iframe src=http://samsclass.info>

SonicXSS1 (36K)

Then this:

123-123-1234<iframe src=http://samsclass.info/injection.html>

SonicXSS2 (41K)

I reported this to Sonic on 4-15-09. They replied on 4-16-09 and said it was fixed, but when I tested it, it was not fixed.