Shopify: XSS in creating tweets

2015-11-24T12:34:34
ID H1:101450
Type hackerone
Reporter haxs101
Modified 2015-12-03T22:02:26

Description

Hi, I found an XSS while tweeting my product. To reproduce: * Create new tweet. * Select any product. * Input in message content `"><img src=x onerror=alert(document.domain)> * XSS executes. * Hit Publish. XSS also executes.

Cheers!