|www.rodneybeede.com||"I would love to change the world, but they won't give me the source code" - unknown|
This typically results in XSS allowing at attacker to hijack the user's session or present their own content.
I also typically run into issues where video players will load anything full-screen. The site owners don't realize someone can use their domain name to show any content they want and so they fail to restrict this or the player doesn't support restricting what URL it loads content from.
Finding sites with vulnerable players is as easy as an advanced Google search too.