Shopify: Cookie securing your "Opening soon" store is not secured against XSS

PoC: 1 Protect your e-shop with a password Storefront password 2 Go to your e-shop URL and enter the password to access the store 3 There is a cookie created - name: storefrontdigest - this cookie contains the password in a secure way which protects your store 4 This cookie is not marked as...

Shopify: Unauthenticated access to details of hidden products in any shop via title emuneration

This issue allows external unauthenticated attacker to bypass password protection of currently unopened "Opening Soon" stage stores and obtain full description of products considering they know/enumerate the title of the product and the product has been published. It could be used to obtain...