CartWIZ suffers from a cross site scripting vulnerability.
55b39a11e65c04e115b346660460d185b1c7b5902fce31c6167047ef8a26773e
Hackers Center Security Group (https://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)
store/viewCart.asp?message=%3Cplaintext%3E
allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.