Sears had an XSS injection issue, where you could change their breadcrumbs by manipulating the URLs. Some redditors changed and shared a link to a grill as a "Body part roaster" and had fun. Sears found out and got mad

https://www.techdirt.com/2009/08/21/reddit-sears-grills-that...