Stored XSS in partners dashboard
Low
Vulnerability Details
Hello
Stored XSS and UI redressing on https://partners.shopify.com/[partnerID]/confirm.
PoC:
1. Change your First Name and Last Name to an XSS payload on https://accounts.shopify.com/account
2. Create an account on https://partners.shopify.com/ or, if you already have an account on https://partners.shopify.com/, go to https://partners.shopify.com/[partnerID]/complete
You'll see the stored XSS.
The following pages are missing the X-Frame-Options header:
1. https://partners.shopify.com/[partnerID]/confirm
2. https://partners.shopify.com/[partnerID]/complete
Maybe an attacker can attack users with clickjacking.
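An added example, not part of the original report or of Shopify's code: it classifies a response's framing protection (X-Frame-Options versus a CSP frame-ancestors directive, which browsers honour in preference to X-Frame-Options) and renders a partner's name with contextual escaping so a payload stored in the name fields is shown as text. The header dicts and the greeting template are constructed assumptions.

```python
import html

# X-Frame-Options values that browsers actually enforce. The obsolete
# ALLOW-FROM form is ignored by current browsers and so gives no protection.
ENFORCED_XFO = {"DENY", "SAMEORIGIN"}


def frame_protection(headers: dict) -> str:
    """Classify how a response restricts being embedded in a frame.

    Returns "csp"  when a Content-Security-Policy frame-ancestors directive
                   restricts framing (it overrides X-Frame-Options),
            "xfo"  when X-Frame-Options is DENY or SAMEORIGIN,
            "none" when neither header protects the page (absent header,
                   unrecognised value, or frame-ancestors allowing *).
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().lower().split()
        if parts and parts[0] == "frame-ancestors":
            # frame-ancestors is present: XFO is ignored from here on, so
            # the directive alone decides. A wildcard source allows anyone.
            return "none" if "*" in parts[1:] else "csp"
    xfo = lower.get("x-frame-options", "").strip().upper()
    return "xfo" if xfo in ENFORCED_XFO else "none"


def render_greeting(first_name: str, last_name: str) -> str:
    """Hypothetical dashboard fragment: escape the stored account names for
    an HTML text context so markup in them is displayed, not executed."""
    return "<h1>Welcome, {} {}</h1>".format(
        html.escape(first_name), html.escape(last_name)
    )


# Constructed sample responses (not captured from the real pages).
PAGE_WITHOUT_HEADER = {"Content-Type": "text/html"}
PAGE_WITH_DENY = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}

if __name__ == "__main__":
    print(frame_protection(PAGE_WITHOUT_HEADER))  # none
    print(frame_protection(PAGE_WITH_DENY))       # xfo
    print(render_greeting("<script>alert(1)</script>", "Doe"))
```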
Report Stats
- Report ID: 271765
- State: Closed
- Substate: resolved
- Upvotes: 14