← Back

Koa Shopify Auth

koa-shopify-auth

Vendor: Shopify • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8176
1Shopify
1Koa Shopify Auth
Nov 21, 2024
Jul 2, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.