Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on.
Currently, all the latest versions of ZeusCart Ecommerce Shopping Cart are affected by this vulnerability.
More information on this flaw can be found here.