DESCRIPTION:
John Cobb has discovered two vulnerabilities in ViArt Shop Free,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to the "forum_id" parameter in forum.php and the
"item_id" parameter in reviews.php isn't properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of an affected site.
The vulnerabilities have been confirmed in version 2.5.5. Other
versions may also be affected.
SOLUTION:
Apply patch available from the vendor.
http://www.codetosell.com/downloads/xss_fix.zip
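
Added example (not part of the advisory or the vendor's code): a Python script that flags access-log requests to forum.php and reviews.php whose "forum_id" or "item_id" value is not a plain integer, which is useful for checking whether an unpatched site has received such requests. It assumes both identifiers are numeric in normal use and that the server writes combined-format access logs; the sample log lines, including the "category_id" parameter, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory, keyed by the script that reflects them.
WATCHED = {"forum.php": "forum_id", "reviews.php": "item_id"}

# Assumption: both identifiers are plain decimal integers in normal use.
NUMERIC = re.compile(r"[0-9]{1,10}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_values(log_line):
    """Return [(script, param, decoded_value)] for non-numeric watched parameters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return []
    # parse_qs percent-decodes values; keep_blank_values so "forum_id=" is seen.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return [(script, param, v) for v in values if not NUMERIC.fullmatch(v)]

def scan(lines):
    """Return [(line_number, script, param, decoded_value)] for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for script, param, value in suspicious_values(line):
            hits.append((n, script, param, value))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /shop/forum.php?forum_id=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /shop/forum.php?forum_id=%22%3E%3Cb%3Etest HTTP/1.1" 200 5201',
    '192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /shop/reviews.php?item_id=17 HTTP/1.1" 200 4312',
    '192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET /shop/reviews.php?category_id=2&item_id=5%3Ci%3E HTTP/1.1" 200 4399',
    '192.0.2.14 - - [01/Jan/2008:10:00:20 +0000] "GET /shop/products.php?item_id=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, script, param, value in scan(SAMPLE_LOG):
        print(f"line {n}: {script} {param}={value!r}")
```

Values are reported percent-decoded, so encode them before displaying hits in an HTML report.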