XSS triggered in Your-store.myshopify.com/admin/apps/shopify-email/editor/****

Disclosed: 2022-04-25 11:01:01 By danishalkatiri To shopify
Medium
Vulnerability Details
Hi team, I have found `Store` XSS in shopify-email

# Reproduction Instructions /

1. Configure `shopify-email` for Shopify stores at https://apps.shopify.com/shopify-email
2. Go to `Your-store.myshopify.com/admin/apps/shopify-email/template-branding`
3. Change F1607675 with `"><img src=xx onerror=alert(document.domain)>` and click `Save`.
4. Now select any F1607682.

# ██████████

# Proof of Concept

███ ████

## Impact

Stored XSS triggered.
Report Stats
  • Report ID: 1472471
  • State: Closed
  • Substate: resolved
  • Upvotes: 62