X-Cart Store - Stored cross-site scripting vulnerability