Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Shopify: H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing

πŸ—“οΈΒ 10 Oct 2018Β 09:18:31Reported byΒ filedescriptorTypeΒ 
hackerone
Β hackeroneπŸ”—Β hackerone.comπŸ‘Β 4Β Views

H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing. Attacker can abuse flaws in the Shopify Embedded SDK to execute a DOMXSS attack via cookie stuffing and login CSRF, allowing them to hijack the session and perform unauthorized actions

Show more

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Oct 2018 09:31Current
6.2Medium risk
Vulners AI Score6.2
shopifydomxssembedded sdkcookie stuffinglogin csrfsecurity flaws
4
.json
Report