A cross-site scripting vulnerability has been reported for ProductCart. The vulnerability exists due to insufficient sanitization of some user-supplied values.
Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.
ProductCart contains a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate the message content upon submission to the msg.asp script. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.
Upgrade to version 1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.