CVE-2021-28162
Published
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT
Description
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
Eclipse Theia is a cloud & desktop IDE framework implemented in TypeScript.
GitHub