Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
Medium
Lark Technologies
Team Summary
Official summary from Lark Technologies
A stored XSS (cross-site scripting) vulnerability was found within the Lark satisfaction survey which an attacker could have potentially used to inject malicious JavaScript within the "reason for dissatisfaction" section when selecting a poor rating after a help desk chat is completed. We thank @imran_nisar for reporting this to our team and confirming the resolution.
Reported by: imran_nisar
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Stored