32 matches found
CVE-2026-45644
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...
CVE-2026-45644
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
...
CVE-2026-45644
CVE-2026-45644 affects Microsoft Live Share Canvas SDK. The issue is improper neutralization of input during web page generation (XSS) that can be exploited by an authorized attacker over a network to elevate privileges. CVSS 3.1: 8.0 (HIGH) with Network attack vector, Low privileges required, Us...
EUVD-2026-35568
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
...
Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network...
PT-2026-48008
Name of the Vulnerable Software and Affected Versions Microsoft Live Share Canvas SDK affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to elevate privileges over a network...
Microsoft Live Share Canvas SDK 跨站脚本漏洞
The Microsoft Live Share Canvas SDK is an optional extension from the American company Microsoft. It is designed specifically to help developers easily add real-time, multi-person collaborative digital whiteboards or drawing boards into Microsoft Teams meeting applications. The Microsoft Live Sha...
EUVD-2019-10043
Malware in sbrugna...
EUVD-2020-12219
Malware in sbrugna...
EUVD-2024-52974
Malicious code in bioql PyPI...
CVE-2020-1343
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'...
CVE-2019-1486
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'...
CVE-2024-56083
Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomlygeneratedstring.devinapps.com URL aka the VSCode live share URL for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a...
The vulnerability of the Microsoft Visual Studio Code Live Share Extension, related to the lack of data protection for service data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Visual Studio Code Live Share Extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by intercepting tokens from the client to...
Security Update for Microsoft Visual Studio Code Live Share Extension (June 2020)
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text. To exploit the vulnerability, an attacker would need to perform a successful capture of the tokens from client to proxy, where specific proxy settings are being used,...
CVE-2020-1343
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'...
Information disclosure
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'...
CVE-2020-1343
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'...