Title:		TomatoCart-1.1.8.6.1 InMemory products.php CompareNow XSS
Severity: 	High
CVE-ID: 	To Be Assigned
Release Date:	20 September 2014 
Author: 	Kenneth F. Belva
Websites:	http://silverbackventuresllc.com
		http://xssWarrior.com 
		http://securitymaverick.com
Twitter: 	@infosecmaverick
Contact:	Please use website contact form.
Mail: 
URL: 		http://sourceforge.net/projects/tomatocart/
Vendor: 
Remote Exploit:	Yes

Discovered with: xssWarrior - http://xssWarrior.com


Description:
============

An attacker inputs the code on the products.php page via the cid variable. When the victim uses the CompareNow functionality, the XSS code stored in memory executes.



Proof of Concept :
==================

http://[domain]/TomatoCart-1.1.8.6.1/TomatoCart-v1-released-v1.1.8.6.1/products.php?1&cid=1&cid=[code]&action=compare_products_add