Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

References

• https://nvd.nist.gov/vuln/detail/CVE-2010-2636
• https://exchange.xforce.ibmcloud.com/vulnerabilities/62952
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR35424