CVE-2020-29587

CVE-2020-29587 affects SimplCommerce 1.0.0-rc. The root cause is that the Bootbox.js library used for Bootstrap modal dialogs does not sanitize user input and uses jQuery .html() to append payloads, resulting in a DOM XSS vulnerability. Exploitation details are not provided in the documents, but ...