
Common Ecommerce Vulnerabilities: Reflected XSS

ID: 54ca16bb-cbd9-530f-9965-43c4dd6d9688

STIX ID: report--54ca16bb-cbd9-530f-9965-43c4dd6d9688

Feed Name: HackerOne Blog

Threat Score: 50/100

Date Published: 2024-11-27

Date Updated: 2026-06-12

...
...

This write-up describes a reflected cross-site scripting (RXSS) vulnerability in Shopify Collabs: an unsanitized creator_redirect parameter allowed javascript: URLs to execute in authenticated users' browsers. The post covers the PoC and the potential impact on customer accounts and data, and recommends server-side input sanitization and allowlisting of approved https:// redirect domains. The issue was responsibly reported and fixed.
