Shopify: Stored XSS Deleting Menu Links in the Shopify Admin

2017-08-28T02:27:45
ID H1:263876
Type hackerone
Reporter geeklegend
Modified 2017-09-08T16:40:57

Description

Hello Team,

I found a stored XSS issue.

PoC (unlisted): https://youtu.be/MjnKyFgqTTo

Watch my PoC, then you'll understand everything.

Payloads: // # "><svg/onload=prompt(1)>

It looks like this issue is available at "Title in Add menu" and is also available at "Title" in "Menu Item".

Mirror: https://azizvai.myshopify.com/

Thanks