Lark Technologies: In orginization stored xss using location (Larksuite survey app)

A stored XSS cross-site scripting vulnerability was found in Larksuite survey app using the "site" parameter. We thank imrannisar for reporting this vulnerability and confirming its resolution...

Lark Technologies: [IDOR] Modify other team's reminders via reminderId parameter

An IDOR Insecure Direct Object Reference vulnerability was found in Larksuite reminders, allowing an attacker to modify any other user's reminder in the POST request via "reminderId" parameter. We thank imrannisar for reporting this vulnerability and confirming its resolution...