A vulnerability in popular preprocessor language Less.js could be exploited to achieve remote code execution (RCE) against websites that allow users to input Less.js code, researchers have warned. It is this feature that can leave a user vulnerable to remote attack, researchers from Canadian infosec firm Software Secured detailed.