XSS on postal codes

Disclosed: 2017-01-11 16:47:04 By pappan To shopify
Medium
Vulnerability Details
Hi, #190951 is not fully fixed. Scripts can be injected via a CSV file and made to execute in the application. Screenshots attached.
Report Stats
  • Report ID: 192140
  • State: Closed
  • Substate: resolved
  • Upvotes: 15