Posted by Curesec Research Team (CRT) on Nov 14
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: TomatoCart v1.1.8.6.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support () tomatocart com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 11/13/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH
2. Overview
There…