3 matches found
Malicious code in oh-my-ashclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...
Lark Technologies: In orginization stored xss using location (Larksuite survey app)
A stored XSS cross-site scripting vulnerability was found in Larksuite survey app using the "site" parameter. We thank imrannisar for reporting this vulnerability and confirming its resolution...
Lark Technologies: [IDOR] Modify other team's reminders via reminderId parameter
An IDOR Insecure Direct Object Reference vulnerability was found in Larksuite reminders, allowing an attacker to modify any other user's reminder in the POST request via "reminderId" parameter. We thank imrannisar for reporting this vulnerability and confirming its resolution...