Stored XSS on buy button
Discovered by tony_tsep on Shopify

This issue took 2 Days and 18 hours to triage and 37 Days and 5 hours to resolve once triaged.



<a href="/tony_tsep">@tony_tsep</a> discovered a cross-site scripting vulnerability in the Buy Button sales channel. Currency amounts were not properly rendered, which could allow an attacker to execute Javascript in the context of the channel.