Cross scripting vulnerability found in args site: cat, dir, mode, order
April 7, 2015 at 1:21 am #1421
There is a fault in the filter by price.
Cross scripting vulnerability found in args site: cat, dir, mode, order
URL:http://www.site.com.br/almofada.html?cat=39 Cross site scripting vulnerability found in args:cat
URL:http://www.site.com.br/almofada.html?cat=39&dir=asc&mode=list&order=position Cross site scripting vulnerability found in args:cat,dir,mode,order
URL:http://www.site.com.br/almofada.html?cat=39&dir=asc&mode=list&order=position&p=2 Cross site scripting vulnerability found in args:cat,dir,mode,order,p
URL:http://www.site.com.br/almofada.html?cat=39&dir=desc&order=position Cross site scripting vulnerability found in args:cat,dir,order
URL:http://www.site.com.br/almofada.html?cat=40&dir=asc&mode=grid&order=position Cross site scripting vulnerability found in args:cat,dir,mode,order
URL:http://www.site.com.br/almofada.html?cat=40&dir=desc&mode=list&order=position Cross site scripting vulnerability found in args:cat,dir,mode,order
URL:http://www.site.com.br/almofada.html?cat=40&dir=desc&mode=list&order=position&p=2 Cross site scripting vulnerability found in args:cat,dir,mode,order,p
URL:http://www.site.com.br/almofada.html?cat=40&dir=desc&mode=list&order=position&p=5 Cross site scripting vulnerability found in args:cat,dir,mode,order,p
URL:http://www.site.com.br/almofada.html?cat=40&dir=desc&order=position Cross site scripting vulnerability found in args:cat,dir,order
URL:http://www.site.com.br/almofada.html?cat=40&dir=desc&order=position&p=2 Cross site scripting vulnerability found in args:cat,dir,order,p
URL:http://www.site.com.br/almofada.html?cat=40&mode=list Cross site scripting vulnerability found in args:cat,mode
URL:http://www.site.com.br/almofada.html?dir=asc&mode=grid&order=position Cross site scripting vulnerability found in args:dir,mode,order
URL:http://www.site.com.br/almofada.html?dir=asc&mode=list&order=position Cross site scripting vulnerability found in args:dir,mode,order
URL:http://www.site.com.br/almofada.html?dir=asc&mode=list&order=position&p=2 Cross site scripting vulnerability found in args:dir,mode,order,p
URL:http://www.site.com.br/almofada.html?dir=asc&mode=list&order=position&p=3 Cross site scripting vulnerability found in args:dir,mode,order,p
URL:http://www.site.com.br/almofada.html?dir=asc&mode=list&order=position&p=4 Cross site scripting vulnerability found in args:dir,mode,order,p
URL:http://www.site.com.br/almofada.html?dir=asc&mode=list&order=position&p=5 Cross site scripting vulnerability found in args:dir,mode,order,p
URL:http://www.site.com.br/almofada.html?dir=desc&order=position&p=4 Cross site scripting vulnerability found in args:dir,order,p
URL:http://www.site.com.br/almofada.html?mode=grid&p=2 Cross site scripting vulnerability found in args:mode,p
URL:http://www.site.com.br/almofada.html?mode=list&p=3 Cross site scripting vulnerability found in args:mode,p
URL:http://www.site.com.br/almofada.html?p=5 Cross site scripting vulnerability found in args:p
Part code:
    /*
     * Prepare query string that was in the original url
     *
     * @return queryString
     */
    public function prepareParams(){
        $url="";
        $params=$this->getRequest()->getParams();
        foreach ($params as $key=>$val) {
            if($key=='id'){ continue;}
            if($key=='min'){ continue;}
            if($key=='max'){ continue;}
            $url.='&'.$key.'='.$val;
        }
        return $url;
    }
Fast Solution:
    /*
     * Prepare query string that was in the original url
     *
     * @return queryString
     */
    public function prepareParams(){
        $url="";
        $params=$this->getRequest()->getParams();
        foreach ($params as $key=>$val) {
            if($key=='id'){ continue;}
            if($key=='min'){ continue;}
            if($key=='max'){ continue;}
            $url.='&'.$this->htmlEscape($key).'='.$this->htmlEscape($val);
        }
        return $url;
    }
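An added example, not part of the original post or of the SNS Toronto theme: a stand-alone variant of the same loop that percent-encodes each key and value for the query-string context, handles array parameters, and HTML-escapes the finished URL only where it is written into an attribute. The function name `buildFilterQuery`, the `min=0&max=100` prefix and the sample parameters are hypothetical.

```php
<?php
// Added example: not the theme's code. Names and sample input are hypothetical.

/**
 * Rebuild the query string from request parameters, skipping the keys the
 * original prepareParams() skips, and percent-encoding every key and value.
 */
function buildFilterQuery(array $params, array $skip = array('id', 'min', 'max'))
{
    $pairs = array();
    foreach ($params as $key => $val) {
        if (in_array((string) $key, $skip, true)) {
            continue;
        }
        if (is_array($val)) {
            // Array parameters (?mode[]=list) would otherwise be
            // concatenated as the literal string "Array".
            foreach ($val as $item) {
                if (is_scalar($item)) {
                    $pairs[] = rawurlencode($key . '[]') . '=' . rawurlencode((string) $item);
                }
            }
            continue;
        }
        $pairs[] = rawurlencode((string) $key) . '=' . rawurlencode((string) $val);
    }
    return $pairs ? '&' . implode('&', $pairs) : '';
}

// Constructed sample input: 'dir' carries quote and angle-bracket characters,
// the kind of value a scanner sends to test for reflection.
$params = array(
    'id'   => '5',
    'cat'  => '39',
    'dir'  => 'asc"><b>x</b>',
    'mode' => array('list'),
);

$query = buildFilterQuery($params);

// Second, separate encoding step for the HTML attribute context at output time.
$href = htmlspecialchars('/almofada.html?min=0&max=100' . $query, ENT_QUOTES, 'UTF-8');
echo '<a href="' . $href . '">filter</a>', PHP_EOL;
```

Percent-encoding makes the value safe inside the URL, and `htmlspecialchars` with `ENT_QUOTES` makes the whole URL safe inside the quoted attribute; each step covers a different output context.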