NextAge Cart Cross-Site Scripting multiple Vulnerabilities

Vulnerable:NextAge Cart Cross-Site Scripting Vulnerability.

Venedor site : http://www.nextagecart.com
Critical Level : Dangerous
Exploiting this issue could allow an attacker to steal cookie-based
authentication credentials and to launch other attacks.

Exploit :
http://www.example.com/[path]/index.php?main=category&sub=product&CatId=[xss]

http://www.example.com/[path]/index.php?SearchOpt=1&main=search&sub=index&SearchWd=[xss]