Vulnerable:NextAge Cart Cross-Site Scripting Vulnerability. Venedor site : http://www.nextagecart.com Critical Level : Dangerous Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks. Exploit : http://www.example.com/[path]/index.php?main=category&sub=product&CatId=[xss] http://www.example.com/[path]/index.php?SearchOpt=1&main=search&sub=index&SearchWd=[xss]