A cross-site scripting vulnerability exists in CREALOGIX EBICS version 7.0, which stems from the lack of effective filtering and escaping of user-supplied data in the /ebics-server/ebics.aspx file, which could be exploited to inject cross-site code and launch XSS attack.