Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
http://www.iss.net/security_center/static/8840.php
http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html