Shopify: XSS in creating tweets

2015-11-24T12:34:34
ID H1:101450
Type hackerone
Reporter haxs101
Modified 2015-12-03T22:02:26

Description

Hi, I found an XSS while tweeting my product. To reproduce: Create new tweet. Select any product. Input in message content `"><img src=x onerror=alert(document.domain)> XSS executes. * Hit Publish. XSS also executes.

Cheers!