3 matches found
CVE-2020-8176
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
CVE-2020-8176
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
CVE-2020-8176
CVE-2020-8176 affects koa-shopify-auth, versions 3.1.61–3.1.62. The vulnerability is an XSS via the shop parameter in /shopify/auth/enable_cookies. Root cause cited across sources is lack of sanitization of the shop value in multiple files (e.g., auth/client/request-storage-access.ts, auth/client...