Shopify: Account Takeover Vulnerability in Shopify Collabs Platform Due to Missing Email Verification

The account takeover vulnerability in the Shopify Collabs platform was caused by the lack of email verification during the signup process. A victim's account could be hijacked if their email address was used to create a new Shopify ID, as the platform did not require email verification. This...

Shopify: Cross-site scripting on api.collabs.shopify.com

Summary: Shopify collabs collabs.shopify.com is a new platform for content creators / influencers to discover and advertise the millions of brands of Shopify. The content creators can apply for different brands on this platform and get paid affiliate marketing. I discovered a cross-site scripting...