XSS stored in the Shopify Email app
Low
Vulnerability Details
step:
1、install app `Shopify Email`
{F1076928}
2、Click `General` under `Settings`
3、Change phone number to `1234567"><img src=a onerror=alert(1)>`
{F1076939}
4、Open shopify email app and create an email
5、Show phone number
{F1076940}
6、watch the vedio poc for more information
## Impact
store xss
Actions
View on HackerOneReport Stats
- Report ID: 1033882
- State: Closed
- Substate: resolved
- Upvotes: 9