Cs Cart · Cs-Cart · CVE-2008-1458
**Name of the Vulnerable Software and Affected Versions**
CS-Cart version 1.3.2
CS-Cart version 1.3.5-SP2
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `q` parameter in a products search action.
**Recommendations**
For CS-Cart version 1.3.2, avoid using the `q` parameter in the products search action until a fix is available.
For CS-Cart version 1.3.5-SP2, restrict access to the products search action to minimize the risk of exploitation.