Shopify: XSS at Bulk editing ProductVariants

2015-06-24T07:36:00
ID H1:72331
Type hackerone
Reporter mafia
Modified 2015-06-25T04:12:57

Description

Steps to Reproduce:

1.Create a Product with Title and Description as "><img src=x onerror=prompt(133)> 2. Now goto https://blahblah.myshopify.com/admin/products/inventory 3. Select the Product created at Step 1 and Click on Edit variants

and XSS will be triggered