xssed General XSSED:39249
May 19, 2008 - 12:00 a.m.

Unfixed XSS vulnerability at search.redenvelope.com

2008-05-19 00:00:00
general
www.xssed.com
8

On 19/05/2008, security researcher general submitted a cross-site scripting (XSS) vulnerability affecting search.redenvelope.com, which at the time of submission ranked 21118 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 23/05/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://search.redenvelope.com/search/controller_search.jsp?action=headersearch&location=header&doObs=1&cntListIdx=0&clk=200&clknum=10&N=0&Ntk=search&Ntx=mode%2Bmatchallpartial&initSrch=search&envSuff=&ipsResQlt=75&Ntt=<script>alert(31337)</script>&submit.x=13&submit.y=11