Shopify: XSS on

ID H1:591786
Type hackerone
Reporter encryptsaan123
Modified 2019-06-14T18:39:04


Hy security, i Got a stored xss in one of your sub-domain ""

steps: 1- Go to https://(your_store) 2- Then Go to All services>Marketing and sales>email marketing> Design custom email templates >click select 3- fill al the data, there will be an option for "attach file" 4: selcet a html file where the xss payloads are got stored. 5. write click on the attached file and go to that location, you will see the pop-up


can steal cookies