Seamusabshere

**Name of the Vulnerable Software and Affected Versions** koa-shopify-auth versions 3.1.61 through 3.1.62 **Description** A cross-site scripting issue exists, allowing an attacker to inject JS payloads into the `shop` parameter on the "/shopify/auth/enable cookies" endpoint. **Recommendations** For versions 3.1.61 through 3.1.62, as a temporary workaround, consider restricting access to the "/shopify/auth/enable cookies" endpoint until a patch is available. Avoid using the `shop` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.