Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment, allowing an attacker to publish an extension with a malicious SVG icon and achieve...
0 Комментарии 0 Поделились 210 Просмотры 0 предпросмотр