CVE-2021-28161

Summary

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Theiaunspecified <= 1.8.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References