Lark Technologies - HackerOne Reports
View on HackerOne
Total Reports: 38
Critical: 4
High: 6
Medium: 26
Low: 2
SSRF with information disclosure
Reported by: jin0ne | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Messages disclosure via search feature of other users' group (cross-tenant)
Reported by: base_64 | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
Improper Access Control on Lark Footer Feature
Reported by: imran_nisar | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
Stealing app credentials by reflected XSS on Lark Suite
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Users Without Permission Can Download Restricted Files
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Privilege Escalation
Sub-Dept User Can Add Users To Main Department
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Improper Privilege Management
Server Side Request Forgery
Reported by: jin0ne | Disclosed: | Severity: Critical | Weakness: Server-Side Request Forgery (SSRF)
Normal User is able to EXPORT Feature Usage Statistics
Reported by: aishkendle | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
[CSRF] No CSRF protection against sending invitation to join the team
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
[AWC-Pune] - User can download files deleted by Admin using shortcuts
Reported by: prateek_thakare | Disclosed: | Severity: Medium
Sensitive information of helpdesk is being leaked
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Stored XSS & SSRF in Lark Docs
Reported by: mike12 | Disclosed: | Severity: Critical | Weakness: Server-Side Request Forgery (SSRF)
Bounty: $3000.00
Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
[Lark Android] Vulnerability in exported activity WebView
Reported by: shell_c0de | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $1000.00
Server Side Request Forgery
Reported by: jin0ne | Disclosed: | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)
Removed user can still view comments on the file/documents
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Reflected XSS and open redirect on larksuite.com using /?back_uri= parameter
Reported by: imran_nisar | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Able to steal private files by manipulating response using Compose Email function of Lark
Reported by: imran_nisar | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR)
Improper Access Control allows OTP bypass
Reported by: kongwenbin | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Hyperlink injection during signup
Reported by: susant_wagle123 | Disclosed: | Severity: Low | Weakness: Business Logic Errors
Page 1 of 2