XSS in my.shopify.com in widget
Medium
Vulnerability Details
Hi security team
I found XSS in the Buy Button in my.shopify.com
Step to reproduce
1-Go to Product and create Product with these payload <img src="a" onerror="prompt(document.cookie)" />;
See (Step1)
2- Now Go to Embed on a website and in the buy bouton page chose the third template and XSS will pop up
Patch it
Actions
View on HackerOneReport Stats
- Report ID: 185826
- State: Closed
- Substate: resolved
- Upvotes: 5