CVE-2020-8176

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.
References
Link Resource
https://github.com/Shopify/quilt/pull/1455 Exploit Patch
https://hackerone.com/reports/881409 Permissions Required
Configurations

Configuration 1

cpe:2.3:a:shopify:koa-shopify-auth:3.1.62:*:*:*:*:*:*:*
cpe:2.3:a:shopify:koa-shopify-auth:3.1.61:*:*:*:*:*:*:*

Information

Published : 2020-07-02 07:15

Updated : 2020-07-10 07:30


NVD link : CVE-2020-8176

Mitre link : CVE-2020-8176

Products Affected
No products.
CWE