Shopping Cart Creator Pro is a tool which generates a web shop which can we uploaded to any host that support PHP.
It was found that it is vulnerable to an old school Reflected XSS payload due to missing input validation.
The used payload is: <script>alert(1337)>/script>
It also uses an outdated jQuery library (v1.4.2), which is vulnerable to XSS attacks as well. According to the author’s website, this software hasn’t been updated since July 2011. If you own a license for this product and still use it as your web shop software, it is highly recommend to contact CoffeeCup.