A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.
6.1CVSS
5.8AI Score
0.001EPSS
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHAT_APP_TOKEN token stored in ~/.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...
4.3CVSS
6.7AI Score
0.0004EPSS