xssed / holisticinfosec / XSSED:34511
Mar 25, 2008 - 12:00 a.m.

Unfixed XSS vulnerability at bluefly.com

Security researcher holisticinfosec submitted a cross-site scripting (XSS) vulnerability affecting bluefly.com on 25/03/2008. At the time of submission, the site ranked 7399 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 12/04/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://bluefly.com/pages/search/results.jsp;jsessionid=HobzrIuDooFLT816iLxdtGnDM7WKJS0Yi2cxSAoDccvh1uMrkUyV!-893005850!app19.l3.bluefly.com!7005!7002?cmSrch=true&Ne=500000&Ntk=all&Ntx=mode+matchallpartial&N=933&Ntt=test&FOLDER<>folder_id="><marquee><h1>This_site_is_NOT_Hacker_Safe<%2Fh1><%2Fmarquee>&inicat=933
