Security Advisory

CVE-2020-8176

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-02 18:35:21

Last updated 2024-08-04 09:56:26

Assigner hackerone

State PUBLISHED

Description

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.

← Browse all CVEs View on cve.org ↗