Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages.
https://exchange.xforce.ibmcloud.com/vulnerabilities/42888
http://www.securityfocus.com/bid/29786
http://secunia.com/advisories/30655
http://oscommerceuniversity.com/lounge/index.php?topic=249.0