Описание
Cross-site scripting in @shopify/koa-shopify-auth
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.
Пакеты
Наименование
@shopify/koa-shopify-auth
npm
Затронутые версииВерсия исправления
>= 3.1.61, <= 3.1.62
3.1.63
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.