Live Share Canvas
Monthly
Privilege elevation via stored or reflected cross-site scripting in Microsoft Live Share Canvas SDK enables an authenticated attacker on the network to execute script in another user's browser context and gain elevated permissions within collaborative Live Share sessions. The CVSS 8.0 vector reflects high impact across confidentiality, integrity, and availability, though successful exploitation requires both low-level authentication and user interaction. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Privilege elevation via stored or reflected cross-site scripting in Microsoft Live Share Canvas SDK enables an authenticated attacker on the network to execute script in another user's browser context and gain elevated permissions within collaborative Live Share sessions. The CVSS 8.0 vector reflects high impact across confidentiality, integrity, and availability, though successful exploitation requires both low-level authentication and user interaction. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.