Act as a Certified Ethical Hacker (CEH). Conduct a simulated black-box penetration test on a generic e-commerce web application described as follows: It uses a REST API, relies on JWT for authentication, stores user PII in a SQL database, and utilizes a third-party payment gateway. Produce a professional Penetration Testing Report. The report must identify at least three distinct, high-severity vulnerabilities (e.g., an IDOR vulnerability, a Logic Bomb in the password reset flow, or an XSS vector). For each vulnerability, provide the CVSS score, a detailed Proof of Concept (PoC) request/response, the business impact analysis, and specific code-level remediation recommendations.