Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì (Thai)

0
90

Ó©éÓ╣ëÓ©¡Ó©äÓ©ºÓ©▓Ó©íÓ©¬Ó©│Ó©äÓ©▒Ó©ì

Summary

CVE-2026-4983 Ó╣ÇÓ©øÓ╣çÓ©ÖÓ©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ùÓ©ÁÓ╣êÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ╣âÓ©Ö Open VSX Registry Ó©ïÓ©ÂÓ╣êÓ©çÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ╣âÓ©èÓ╣ëÓ╣âÓ©ÖÓ©üÓ©▓Ó©úÓ©òÓ©┤Ó©öÓ©òÓ©▒Ó╣ëÓ©çÓ╣üÓ©ÑÓ©░Ó©êÓ©▒Ó©öÓ©üÓ©▓Ó©úÓ╣éÓ©øÓ©úÓ╣üÓ©üÓ©úÓ©íÓ╣ÇÓ©¬Ó©úÓ©┤Ó©í (extensions) Ó©ÜÓ©Ö VS Code. Ó©äÓ©ºÓ©▓Ó©íÓ╣ÇÓ©¬Ó©ÁÓ╣êÓ©óÓ©çÓ©ÖÓ©ÁÓ╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©éÓ©ÂÓ╣ëÓ©ÖÓ©êÓ©▓Ó©üÓ©üÓ©▓Ó©úÓ╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

What the vulnerability/exploit is about

Open VSX Registry Ó╣äÓ©íÓ╣ê sanitize SVG files Ó©ùÓ©ÁÓ╣êÓ©ûÓ©╣Ó©üÓ©¡Ó©▒Ó©øÓ╣éÓ©½Ó©ÑÓ©öÓ╣ÇÓ©øÓ╣çÓ©ÖÓ╣äÓ©¡Ó©äÓ©¡Ó©ÖÓ©éÓ©¡Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©ê Ó╣éÓ©öÓ©óÓ©ùÓ©│Ó╣âÓ©½Ó╣ëÓ©íÓ©ÁÓ╣éÓ©¡Ó©üÓ©▓Ó©¬Ó╣âÓ©½Ó╣ëÓ©£Ó©╣Ó╣ëÓ╣éÓ©êÓ©íÓ©òÓ©ÁÓ©¬Ó©▓Ó©íÓ©▓Ó©úÓ©ûÓ©¬Ó©úÓ╣ëÓ©▓Ó©çÓ╣üÓ©×Ó╣çÓ©äÓ╣ÇÓ©üÓ©êÓ©ùÓ©ÁÓ╣êÓ©íÓ©ÁÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö SVG Ó©úÓ╣ëÓ©▓Ó©óÓ╣üÓ©úÓ©çÓ╣üÓ©ÑÓ©░Ó©ùÓ©│Ó╣âÓ©½Ó╣ëÓ╣ÇÓ©üÓ©┤Ó©öÓ©üÓ©▓Ó©ú XSS (Stored Cross-Site Scripting) Ó╣ÇÓ©íÓ©ÀÓ╣êÓ©¡Ó©£Ó©╣Ó╣ëÓ╣âÓ©èÓ╣ëÓ╣ÇÓ©éÓ╣ëÓ©▓Ó©ûÓ©ÂÓ©ç URL Ó©éÓ©¡Ó©çÓ╣äÓ©¡Ó©äÓ©¡Ó©Ö

Technical explanation for defenders

Impact

  • **Stored XSS**: An attacker can publish an extension with a malicious SVG icon and achieve stored XSS when a user navigates directly to the icon URL.
  • **Session Hijacking**: Script execution occurs within the Open VSX application origin
Buscar
Categorías
Leer más
Otro
CVE-2026-12866 : Vuln├®rabilit├® de s├®curit├® dans le package expr-eval
CVE-2026-12866 : Vuln├®rabilit├® de s├®curit├® dans le package expr-evalR├®sum├® :CVE-2026-12866...
Por Mario Serrano 2026-06-30 05:07:19 0 659
Ciberseguridad
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ðúð║ÐÇð░Ðùð¢ÐüÐîð║ð¥ÐÄ ð╝ð¥ð▓ð¥ÐÄ)
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ðúð║ÐÇð░Ðùð¢ÐüÐîð║ð¥ÐÄ ð╝ð¥ð▓ð¥ÐÄ)ðíÐâð╝ð░ÐÇð¢ð©ð╣ ð¥ð│ð╗ÐÅð┤...
Por Mario Serrano 2026-06-30 16:20:17 0 49
Ciberseguridad
CVE-2026-12866: Codeausf├╝hrung in expr-eval beheben
CVE-2026-12866: Codeausf├╝hrung in expr-eval behebenDieses Dokument beschreibt die...
Por Mario Serrano 2026-06-30 05:50:02 0 592
Otro
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE Find (Romaian)
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE...
Por Mario Serrano 2026-06-30 06:32:10 0 50
Otro
Título: Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e CISA Kev | CVE Find (Portuguese (Brazil))
Título: Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e CISA Kev | CVE FindSumário:A...
Por Mario Serrano 2026-06-30 06:45:42 0 67