CVE-2021-28161

eclipse-theia/theia

on github

Published

March 12, 2021

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

References

https://github.com/eclipse-theia/theia/issues/8794

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:eclipse:theia::::::::	n/a	1.8.0 (including)	*

External Links

NVD - CVE-2021-28161