CVE-2021-28162
6.1MEDIUMIn Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
Published: 3/12/2021Updated: 11/21/2024
Description
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
AI AnalysisPowered by AI
Affected Products
eclipsetheia
References
- https://github.com/eclipse-theia/theia/issues/7283ExploitIssue TrackingThird Party Advisory
- https://github.com/eclipse-theia/theia/issues/7283ExploitIssue TrackingThird Party Advisory