https://www.exploit-db.com/exploits/25637
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1044

CodeThatShoppingCart1.3.1中的catalog.php存在跨站脚本攻击(XSS)漏洞，远程攻击者可通过id参数注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13560/info

CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.

CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well. 

http://www.example.com/codethat/catalog.php?action=category_show
&id=2"><script>alert(document.cookie)</script>

来源:BID
名称:13560
链接:http://www.securityfocus.com/bid/13560
来源:OSVDB
名称:16155
链接:http://www.osvdb.org/16155
来源:SECTRACK
名称:1013924
链接:http://securitytracker.com/id?1013924
来源:SECUNIA
名称:15251
链接:http://secunia.com/advisories/15251
来源:MISC
链接:http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html