Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
www-01.ibm.com/support/docview.wss?uid=swg1JR55049
www-01.ibm.com/support/docview.wss?uid=swg1JR55139
www-01.ibm.com/support/docview.wss?uid=swg1JR55141
www-01.ibm.com/support/docview.wss?uid=swg1JR55264
www-01.ibm.com/support/docview.wss?uid=swg21983625
www.securityfocus.com/bid/91533
www.securitytracker.com/id/1036206