What the vulnerability does

01Description

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.

Key dates

02Disclosure timeline

July 2, 2020 CVE published
August 4, 2024 Record updated