Vuln ID: TP-009
Title: Stored XSS - Shipping Name (Checkout)
Severity: medium
Type: XSS
HTTP Method: POST
URL: /orders
Parameter: shipping_address.name
Filename: -
Code Location: frontend/app/orders/[id]/page.js line 95

Description

The shipping name entered during checkout is stored with the order and later rendered on the order detail page via dangerouslySetInnerHTML. Because the stored value is inserted as raw markup rather than text, any HTML or script it contains runs in the browser of whoever views that order.

Proof of Concept

name = <script>alert('XSS')</script>

Remediation

Render the name with JSX text interpolation ({shipping_address.name}), which escapes it automatically, instead of dangerouslySetInnerHTML.
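Added example (not the project's code) showing the vulnerable and fixed render paths side by side. Since JSX needs a build step, it models both in plain JavaScript: the unsafe function mirrors dangerouslySetInnerHTML, and the safe one applies the same escaping React performs for text children, which is what JSX interpolation gives you. The order object, its id and the regression check are constructed for this example.

```javascript
// Escaping rules matching what React applies to text children: & < > " '
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample order; the name is the PoC payload from the finding.
const SAMPLE_ORDER = {
  id: 'ORD-PLACEHOLDER',
  shipping_address: { name: "<script>alert('XSS')</script>" },
};

// Vulnerable path, equivalent to:
//   <p dangerouslySetInnerHTML={{ __html: order.shipping_address.name }} />
// The stored string is inserted as markup, so a <script> tag becomes live.
function renderShippingNameUnsafe(order) {
  return `<p>${order.shipping_address.name}</p>`;
}

// Fixed path, equivalent to <p>{order.shipping_address.name}</p>.
// JSX turns the interpolated string into a text node; when rendering to an
// HTML string that is the same as escaping it before it reaches the DOM.
function renderShippingNameSafe(order) {
  return `<p>${escapeHtml(order.shipping_address.name)}</p>`;
}

// Regression check for the order page's test suite: the markup between the
// <p> wrapper we emitted must never contain a tag that came from user data.
function containsRawTag(html) {
  const inner = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<\/?[a-z]/i.test(inner);
}
```

containsRawTag is meant to run against the rendered order page in a test so the regression is caught if someone reintroduces dangerouslySetInnerHTML.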