Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì (Thai)

0
64

Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì

Summary

CVE-2026-4983 Ó╣ÇÓ©øÓ╣çÓ©ÖÓ©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ùÓ©ÁÓ╣êÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ╣âÓ©Ö Open VSX Registry Ó©ïÓ©ÂÓ╣êÓ©çÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ╣âÓ©èÓ╣ëÓ╣âÓ©ÖÓ©üÓ©▓Ó©úÓ©òÓ©┤Ó©öÓ©òÓ©▒Ó╣ëÓ©çÓ╣üÓ©ÑÓ©░Ó©êÓ©▒Ó©öÓ©üÓ©▓Ó©úÓ╣éÓ©øÓ©úÓ╣üÓ©üÓ©úÓ©íÓ╣ÇÓ©¬Ó©úÓ©┤Ó©í (extensions) Ó©ÜÓ©Ö VS Code. Ó©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ÖÓ©ÁÓ╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ©êÓ©▓Ó©üÓ©üÓ©▓Ó©úÓ╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

What the vulnerability/exploit is about

Open VSX Registry Ó╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

Technical explanation for defenders

Impact

  • **Stored XSS**: An attacker can publish an extension with a malicious SVG icon and achieve stored XSS when a user navigates directly to the icon URL.
  • **Session Hijacking**: Script execution occurs within the Open VSX application origin
Buscar
Categorías
Leer más
Otro
Código de Calculadora Científica en PHP con Guardado de Calculos
file: calculator.php<?php // Iniciar sesiones para almacenar datos session_start(); //...
Por Mario Serrano 2026-06-30 03:06:26 0 149
Ciberseguridad
Título: Vulnerabilidade de Denial-of-Service no Traefik por HTTP/2 Request Handling (Portuguese)
Título: Vulnerabilidade de Denial-of-Service no Traefik por HTTP/2 Request HandlingResumoO...
Por Mario Serrano 2026-06-30 13:05:01 0 59
Ciberseguridad
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE Find (Portuguese (Brazil))
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindResumo:A...
Por Mario Serrano 2026-06-30 06:51:37 0 42
Ciberseguridad
Ï╣┘å┘êϺ┘å ┘à┘éϺ┘ä┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)
Ï╣┘å┘êϺ┘å ┘à┘éϺ┘ä┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ï«┘äϺÏÁ┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ϭ┘êÏÂ█îϡϺϬ Ï»┘é█î┘é...
Por Mario Serrano 2026-06-30 17:57:12 0 306
Ciberseguridad
Kritiksel Dil Kuralları: Türkçe'de Sadece Bir Kelime Türkçe Olmalıdır
Her başlık, paragraf, kod açıklaması ve referans etiketleri Türkçe olmalıdır. Bu, zor...
Por Mario Serrano 2026-06-30 05:59:50 0 152