Shopify: XSS in Myshopify Admin Site in DISCOUNTS

ID H1:71614
Type hackerone
Reporter nismo
Modified 2015-07-20T14:37:18



  1. Go to Customers and add a new search group named "><img src=x onerror=prompt(7) See creategroup.png
  2. Go to Discounts and add a Discount Code based on Customer group and choose the one created above
  3. Click Save

XSS in discounts occur (discountxss.png)