TikTok: Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products

The "Search Product" function in the TikTok Shop Seller API contained a vulnerability that allowed access to inactive or suspended products by manipulating the "live" parameter in the API request. The vulnerability was reported to the team and remediated...