Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì (Thai)

0
57

Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì

Summary

CVE-2026-4983 Ó╣ÇÓ©øÓ╣çÓ©ÖÓ©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ùÓ©ÁÓ╣êÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ╣âÓ©Ö Open VSX Registry Ó©ïÓ©ÂÓ╣êÓ©çÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ╣âÓ©èÓ╣ëÓ╣âÓ©ÖÓ©üÓ©▓Ó©úÓ©òÓ©┤Ó©öÓ©òÓ©▒Ó╣ëÓ©çÓ╣üÓ©ÑÓ©░Ó©êÓ©▒Ó©öÓ©üÓ©▓Ó©úÓ╣éÓ©øÓ©úÓ╣üÓ©üÓ©úÓ©íÓ╣ÇÓ©¬Ó©úÓ©┤Ó©í (extensions) Ó©ÜÓ©Ö VS Code. Ó©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ÖÓ©ÁÓ╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ©êÓ©▓Ó©üÓ©üÓ©▓Ó©úÓ╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

What the vulnerability/exploit is about

Open VSX Registry Ó╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

Technical explanation for defenders

Impact

  • **Stored XSS**: An attacker can publish an extension with a malicious SVG icon and achieve stored XSS when a user navigates directly to the icon URL.
  • **Session Hijacking**: Script execution occurs within the Open VSX application origin
Buscar
Categorías
Leer más
Ciberseguridad
Ó«¿Ó«¥Ó«¬Ó«▓Ó»êÓ»ì (Ó«¿Ó«¥) (Ó«¿Ó«¥)
Ó«¿Ó«¥Ó«¬Ó«▓Ó»êÓ»ì (Ó«¿Ó«¥)Ó«ëÓ«▓Ó»êÓ«┤Ó«┐Ó«▓Ó»ì (Ó«¿Ó«¥)Ó«ÜÓ«▓Ó«┤Ó«┐Ó«▓Ó»ì...
Por Mario Serrano 2026-06-30 18:02:45 0 291
Ciberseguridad
AN SEO TITLE
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindResumo:A...
Por Mario Serrano 2026-06-30 05:34:09 0 316
Otro
Titel (in Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Dezeelcode van de package `expr-eval` is geïnfectueerd...
Por Mario Serrano 2026-06-30 06:10:37 0 54
Ciberseguridad
Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE Find
Vulnerabilitas CVE-2026-12866Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE...
Por Mario Serrano 2026-06-30 10:12:20 0 51
Ciberseguridad
Ï╣┘å┘êϺ┘å (Ï»Ï▒ ┘üϺÏ▒Ï│█î)
Ï╣┘å┘êϺ┘å (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ï«┘äϺÏÁ┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)┘àϺ┘ç█îϬ ┘ê...
Por Mario Serrano 2026-06-30 17:55:21 0 51