CVE-2021-28162
6.1MEDIUMIn Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
Publicado: 3/12/2021Atualizado: 11/21/2024
Descrição
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
Análise IADesenvolvido por IA
Produtos Afetados
eclipsetheia
Referências
- https://github.com/eclipse-theia/theia/issues/7283ExploitIssue TrackingThird Party Advisory
- https://github.com/eclipse-theia/theia/issues/7283ExploitIssue TrackingThird Party Advisory