The Shopping.com API V3 PHP script suffers from a cross site scripting vulnerability.
5917bfd984a3d929ce655c1ae300b33d529e84e562eb42da91b5668f5e6c7864
##################################################################################
__ _ _ ____
/ /___ _____ (_)_____________ ______(_)__ _____ / __ \_________ _
__ / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__ |__ ) /_/ / / / / __(__ )/ /_/ / / / /_/ /
\____/\__,_/_/ /_/_/____/____/\__,_/_/ /_/\___/____(_)____/_/ \__, /
/____/
##################################################################################
Shopping.com Api V3 php Script, XSS Vulnerabilities
Software Page: http://en.clicsell.com/script-shopping-v3.html
Product Page: http://www.hotscripts.com/listing/shopping-com-api-v3-php-script/
Script Demo: http://en.clicsell.com/
Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhats Inc. and Janissaries Platform.
##################################################################################
[~] Xss on Demo Site (Searchbox)
>>> http://i.imgur.com/dIjfayE.png (Xss Found)
>>> If you try; you may open demo site and xss attack code to Searchbox.
>>> <script>alert('XSS')</script>