ID H1:122849
Type hackerone
Reporter niyaax
Modified 2016-03-15T22:32:20
Description
STEPS TO REPRODUCE
- Go to http://hardware.shopify.com/products/custom-gift-card?variant=976094353 and Design your own gift card.
- Change the file type to url on the upload field.
- Add the payload
javascript:alert(document.domain);//https://cdn.shopify.com/s/files/1/0224/0965/uploads/1fc1042c960abdb2f35c0950900a7b2c.svg
- Then add the item to the cart and go to checkout.
- On the checkout page, click the Artwork File and the XSS will trigger.
{"id": "H1:122849", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Shopify: Stored XSS in https://checkout.shopify.com/", "description": "**STEPS TO REPRODUCE**\n\n1. Go to http://hardware.shopify.com/products/custom-gift-card?variant=976094353 and Design your own gift card.\n2. Change file type to url on the upload field.\n3. Add the payload `javascript:alert(document.domain);//https://cdn.shopify.com/s/files/1/0224/0965/uploads/1fc1042c960abdb2f35c0950900a7b2c.svg`\n4. Then add the item to the cart and go to checkout.\n5. On the checkout page click the Artwork File and the XSS will trigger.\n\n", "published": "2016-03-13T18:26:01", "modified": "2016-03-15T22:32:20", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/122849", "reporter": "niyaax", "references": [], "cvelist": [], "lastseen": "2018-07-30T14:12:05", "viewCount": 41, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2018-07-30T14:12:05", "rev": 2}, "dependencies": {"references": [], "modified": "2018-07-30T14:12:05", "rev": 2}, "vulnersScore": -0.4}, "bounty": 500.0, "bountyState": "resolved", "h1team": {"handle": "shopify", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/001/382/30421c25f4a7b03ec3250e36efb64f7291402806_medium.jpg?1532728703", "small": "https://profile-photos.hackerone-user-content.com/000/001/382/1e9872bf9cfe04008c2673e07bfecaa83858cca1_small.jpg?1532728703"}, "url": "https://hackerone.com/shopify"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/395/5c8ef42e7de00589b412349b57cea09947ff9448_small.jpg?1393000357"}, "url": "/niyaax", "username": "niyaax"}}
{}