8 matches found
EUVD-2021-1124
Malware in sbrugna...
CVE-2020-8176
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
GHSA-JQH7-W5PR-CR56 Cross-site scripting in @shopify/koa-shopify-auth
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
Cross-site scripting in @shopify/koa-shopify-auth
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
CVE-2020-8176
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
Cross site scripting
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
CVE-2020-8176
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...
CVE-2020-8176
CVE-2020-8176 affects koa-shopify-auth, versions 3.1.61–3.1.62. The vulnerability is an XSS via the shop parameter in /shopify/auth/enable_cookies. Root cause cited across sources is lack of sanitization of the shop value in multiple files (e.g., auth/client/request-storage-access.ts, auth/client...