Stored XSS & SSRF in Lark Docs
Critical
Lark Technologies
Team Summary
Official summary from Lark Technologies
A stored XSS (cross-site scripting) vulnerability was discovered in Lark Docs that could be escalated into a Server-Side Request Forgery (SSRF) vulnerability if opened in a headless browser on the Lark server. The vulnerability has been resolved. We thank @mike12 for reporting this to our team and confirming the resolution.
Reported by: mike12
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $3000.00
Weakness: Server-Side Request Forgery (SSRF)