Cross site scripting vulnerability in checkout page in notes field
1.Login to the demo page.
Go to accessories , select any product and add payload in the checkout notes
click save and open the product xss will trigger
payload = "><img src>
This vulnerability is capable of stolen the user cookie