Shopify: Cross Site Scripting at

ID H1:542258
Type hackerone
Reporter masterhackor
Modified 2019-05-26T22:25:25


1- create an account from

2- path to

3- inject javascript code or xss payload at Name form

4- it will be printed at page and executed

payload that i used it "><img src=x onerror=alert(document.domain)>


This vulnerability can be used by attacker to serve malicious JavaScript against any user.