Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Shopify Security Vulnerabilities

cve
cve

CVE-2020-8176

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.

6.1CVSS

5.8AI Score

0.001EPSS

2020-07-02 07:15 PM
39
cve
cve

CVE-2022-29230

Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from v...

6.3CVSS

5.3AI Score

0.001EPSS

2022-05-18 09:15 PM
55
3
cve
cve

CVE-2024-45036

Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHAT_APP_TOKEN token stored in ~/.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...

4.3CVSS

6.7AI Score

0.0004EPSS

2024-08-26 11:15 PM
33