CVE-2021-28162

Summary

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Theiaunspecified <= 0.16.0affected

Weaknesses

  • CWE-830: CWE-830: Inclusion of Web Functionality from an Untrusted Source

ADP Enrichment

CVE Program Container

Additional References

References