44 matches found

Prion
added 2021/01/14 4:15 p.m., 12 views

Design/Logic Flaw

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

3.5 CVSS | 5.5 AI score | 0.00676 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/01/14 3:7 p.m., 35 views

CVE-2020-29587

CVE-2020-29587 affects SimplCommerce 1.0.0-rc. The root cause is that the Bootbox.js library used for Bootstrap modal dialogs does not sanitize user input and uses jQuery .html() to append payloads, resulting in a DOM XSS vulnerability. Exploitation details are not provided in the documents, but ...

5.4 CVSS | 5.4 AI score | 0.00676 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/01/14 3:7 p.m., 17 views

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

5.5 AI score | 0.00676 EPSS
Exploits: 1 | References: 1
CNNVD
added 2021/01/14 12:0 a.m., 2 views

Simplcommerce cross-site scripting vulnerability

Simplcommerce is a .Net-based e-commerce platform from the individual developers of Simplcommerce. SimplCommerce 1.0.0-rc has a cross-site scripting vulnerability in which the Bootbox.js library does not perform any cleanup operations on user input. No details of the vulnerability are provided at...

5.4 CVSS | 5.9 AI score | 0.00676 EPSS
Exploits: 1 | References: 2