A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.
6.1CVSS
5.8AI Score
0.001EPSS
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from v...
6.3CVSS
5.3AI Score
0.001EPSS
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHAT_APP_TOKEN token stored in ~/.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...
4.3CVSS
6.7AI Score
0.0004EPSS