Hy security,
i Got a stored xss in one of your sub-domain βservices.shopify.comβ
steps:
1- Go to https://(your_store).myshopify.com/admin/apps/experts_marketplace/services_marketplace
2- Then Go to All services>Marketing and sales>email marketing> Design custom email templates >click select
3- fill al the data, there will be an option for βattach fileβ
4: selcet a html file where the xss payloads are got stored.
5. write click on the attached file and go to that location, you will see the pop-up
can steal cookies