Stored XSS Deleting Menu Links in the Shopify Admin

Disclosed: 2017-09-08 16:40:57 By hack_im To shopify

Medium

Vulnerability Details

Hello Team, I found a stored xss issue. PoC (unlisted): https://youtu.be/MjnKyFgqTTo watch my PoC than you'll understood everything. Payloads: // # "><svg/onload=prompt(1)> Looks Like this issue available at " Title in Add menu " and also available at "Title" in " Menu Item " Mirror: https://azizvai.myshopify.com/ Thanks

Actions

View on HackerOne

Report Stats

Report ID: 263876
State: Closed
Substate: resolved
Upvotes: 33

Stored XSS Deleting Menu Links in the Shopify Admin

Vulnerability Details

Actions

Report Stats

Share this report