Big HTML5 loopholes that are easy to exploit have been sited on the frontend of Veikkaus and POP Vakuutus sites by users After SC5, a company based in Finland, launched its HTML5 technology and sold it to Veikkaus, POP Vakuutus and F-Secure Personal Cloud Service. Two users have also reported being able to execute unwanted code on the F-Secure site through their browser facilitated by the cross site scripting vulnerability associated with HTML5. All these vulnerabilities are unique to a programmer called Martti Malmi. There are several other vulnerabilities reported by companies whose sites have been worked on by Martti Malmi. Be warned and avoid falling victim.