xss stored in https://your store.myshopify.com/admin/

Disclosed: 2020-08-24 16:08:20 By lbro To shopify

Low

Vulnerability Details

hello , i fond xss stored in https://your store.myshopify.com/admin/ steps ; 1. go to ```https://swqdewd.myshopify.com/admin/menus/new``` 2. click in Add menu item 3. add name ```"><img src="x" onerror="alert(document.cookie)">``` AND any link 4. now click add 5. click in remove item 6. alert 7. watch the vedio poc for more information ## Impact xss attack .....

Actions

View on HackerOne

Report Stats

Report ID: 887879
State: Closed
Substate: resolved
Upvotes: 45

xss stored in https://your store.myshopify.com/admin/

Vulnerability Details

Actions

Report Stats

Share this report