A critical vulnerability discovered in Microsoft’s popular Visual Studio Code (VS Code) Live Preview extension, downloaded over 11 million times, exposes developers to one-click cross-site scripting (XSS) and local file exfiltration attacks. The flaw, now patched, was discovered by researchers Nir Zadok and Moshe Siman Tov Bustan from OX Security. The issue affects all versions of the Live Preview extension up to 0.4.16. The vulnerability arises […]
The post Microsoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: