Shopping Cart Creator Pro is a tool that generates a web shop which can be uploaded to any host that supports PHP.

It was found to be vulnerable to an old-school reflected XSS payload due to missing input validation.

CoffeeCup Shopping Cart Creator Pro XSS

The payload used is: <script>alert(1337)</script>

It also uses an outdated jQuery library (v1.4.2), which is vulnerable to XSS attacks as well. According to the author’s website, this software hasn’t been updated since July 2011. If you own a license for this product and still use it as your web shop software, it is highly recommended to contact CoffeeCup.
