I also get a suspicious on an iFrame check:
Suspicious htxp://poserworld.com/newsletter.htm' - when I checked that avast! Web Shield blocked and alerted JS:Agent-CQF[Trj] (hidden input)
Also consider the results of this scan:
https://asafaweb.com/Scan?Url=poserworld.com
Requested URL: htxp://poserworld.com/Home.aspx?foo=<script> | Response URL: htxp://poserworld.com/Home.aspx?foo=<script> * | Page title: Poser 3D | Poser Models | Poser Clothes | Poser Downloads | Poser Scenes | DAZ Studio Models | Poser 5, 6, 7, 8 , 9, 2010, 2014 | HTTP status code: 200 (OK) | Response size: 71,687 bytes (gzip'd) | Duration: 465 ms
Overview
In a web forms site, request validation ensures all requests to the website do not contain a potentially malicious payload. This protects against the likelihood of cross site scripting (XSS) vulnerabilities being exploited on the site.
Result
It looks like request validation has been turned off. Making a request to the site with the malicious URL above is returning the same response body as a legitimate request so the app appears to be accepting the XSS payload in the query string. Request validation is easy to enable, just configure the web.config to ensure "validateRequest" is set to "true" (this is also the default if no setting exists):
<pages validateRequest="true" />
Also make sure the individual Page declarations have ValidateRequest set to "true" (this is also the default if no setting exists):
<%@ Page ValidateRequest="true" %>
Warning: There are legitimate use cases for turning request validation off in some places so be certain you're not going to break anything before disabling it.
foo=<script> HTML injection attack, read:
http://deadliestwebattacks.com/html-injection-quick-reference/

polonus
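
A defender-side check for the two settings quoted in the scan result above, as an added example that is not part of the original post or of the ASafaWeb report: it looks for request validation being switched off in a web.config and in individual @ Page directives. The sample web.config, the .aspx snippets and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the scanned site).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <pages validateRequest="false" />
  </system.web>
  <location path="Admin">
    <system.web>
      <pages validateRequest="true" />
    </system.web>
  </location>
</configuration>"""

SAMPLE_PAGES = {
    "Home.aspx": '<%@ Page Language="C#" ValidateRequest="false" %>\n<html></html>',
    "About.aspx": '<%@ Page Language="C#" %>\n<html></html>',
}

PAGE_DIRECTIVE = re.compile(r"<%@\s*Page\b(.*?)%>", re.I | re.S)
VALIDATE_ATTR = re.compile(r"\bValidateRequest\s*=\s*[\"']([^\"']*)[\"']", re.I)

def audit_web_config(xml_text):
    """Return a scope label for every <pages> element that disables request validation."""
    findings = []
    root = ET.fromstring(xml_text)
    # Root-level <system.web> applies site-wide; <location path=...> scopes an override.
    scopes = [("(site-wide)", root)] + [(loc.get("path", ""), loc) for loc in root.iter("location")]
    for label, scope in scopes:
        for pages in scope.findall("system.web/pages"):
            # A missing attribute means the default (true), as the scan text notes.
            if pages.get("validateRequest", "true").strip().lower() == "false":
                findings.append(label)
    return findings

def audit_pages(pages):
    """Return names of .aspx sources whose @ Page directive sets ValidateRequest to false."""
    flagged = []
    for name, source in pages.items():
        directive = PAGE_DIRECTIVE.search(source)
        attr = VALIDATE_ATTR.search(directive.group(1)) if directive else None
        if attr and attr.group(1).strip().lower() == "false":
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print("web.config scopes with validation off:", audit_web_config(SAMPLE_WEB_CONFIG))
    print("pages with validation off:", audit_pages(SAMPLE_PAGES))
```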