XSS at Bulk editing products
Unknown
Vulnerability Details
After following the above steps in #67125, go to Bulk editing products.
For me the URL was:
https://img-src-x-onerror-prompt1-24.myshopify.com/admin/bulk?resource_name=Product&edit=variants.sku%2Cvariants.price%2Cvariants.compare_at_price&message=&return_to=%2Fadmin%2Fproducts&ids=1151578433
It is also vulnerable to XSS.
(Change the required fields in the above URL according to your shop.)
Report Stats
- Report ID: 67132
- State: Closed
- Substate: resolved
- Upvotes: 3