Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment, allowing an attacker to publish an extension with a malicious SVG icon and achieve...
0 Comentarios 0 Acciones 181 Vistas 0 Vista previa