Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.