CVE-2020-8176

Published July 2nd, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.

Shopify/quilt

[⚠️ Deprecated] A loosely related set of packages for JavaScript/TypeScript projects at Shopify

GitHub

1.68K