EPSS
Percentile
40.7%
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.
shop
/shopify/auth/enable_cookies
github.com/Shopify/quilt/pull/1455
hackerone.com/reports/881409
nvd.nist.gov/vuln/detail/CVE-2020-8176