2 matches found
CVE-2020-29587
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
CVE-2020-29587
CVE-2020-29587 affects SimplCommerce 1.0.0-rc. The root cause is that the Bootbox.js library used for Bootstrap modal dialogs does not sanitize user input and uses jQuery .html() to append payloads, resulting in a DOM XSS vulnerability. Exploitation details are not provided in the documents, but ...