Starbucks: Reflected XSS on teavana.com (Locale-Change)
SUMMARY
----
Hello, the link at https://www.teavana.com/on/demandware.store/Sites-Teavana-Site/default/Locale-Change?LocaleID=enCA, identified by changing languages, is prone to reflected XSS in the "en" zone of the LocaleID parameter. One can inject JavaScript that will be reflected back to th...
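One way to handle a reflected locale parameter like the LocaleID described above, shown as an added example that is not code from the report, Starbucks or the storefront platform. The allowlist entries, the default locale, the function names and the example.test URLs are assumptions made for illustration.

```javascript
// Added example: allowlist handling for a LocaleID query parameter.
// SUPPORTED_LOCALES and DEFAULT_LOCALE are constructed values, not the site's configuration.
const SUPPORTED_LOCALES = new Set(["enCA", "frCA", "enUS"]);
const DEFAULT_LOCALE = "enUS";

// Encode the HTML-significant characters for any value echoed into markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return an allowlisted locale, or the default when the parameter is
// missing, repeated, or not an exact member of the allowlist.
function resolveLocale(requestUrl) {
  const values = new URL(requestUrl).searchParams.getAll("LocaleID");
  if (values.length !== 1) return DEFAULT_LOCALE;
  return SUPPORTED_LOCALES.has(values[0]) ? values[0] : DEFAULT_LOCALE;
}

// Build the response fragment from the resolved locale only, so the raw
// parameter never reaches the output; encoding is kept as a second layer.
function renderLocaleBanner(requestUrl) {
  const locale = escapeHtml(resolveLocale(requestUrl));
  return `<html lang="${locale}"><body data-locale="${locale}"></body></html>`;
}

// Constructed sample requests (hypothetical host): one valid, one carrying markup.
const VALID_URL = "https://shop.example.test/Locale-Change?LocaleID=enCA";
const TAINTED_URL = "https://shop.example.test/Locale-Change?LocaleID=en%22%3E%3Cb%3Ex%3C%2Fb%3ECA";

console.log(renderLocaleBanner(VALID_URL));
console.log(renderLocaleBanner(TAINTED_URL));
```

Exact-match lookup rejects any value that merely starts with a valid prefix such as "en", which is the part of the parameter the report singles out.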