3 matches found
TikTok: Ability to change permissions across seller platform
An Insecure Direct Object Reference IDOR vulnerability was found on the "Post" request on a TikTok Seller endpoint, which could have resulted in any user having the ability to change the "Finance Specialist" role permission. We thank @imrannisar for reporting this to our team...
Lark Technologies: Stored xss on helpdesk using user's city
A stored XSS cross-site scripting was found on the internal larksuite helpdesk, which an attacker could have potentially used to obtain access to the internal helpdesk. We thank imrannisar for reporting this vulnerability and confirming its resolution...
Lark Technologies: Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
A stored XSS cross site scripting vulnerability was found within the Lark satisfaction survey which an attacker could have potentially used to inject malicious javascript within the "reason for dissatification" section when selecting a poor rating after a help desk chat is completed. We thank...