In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/eclipse-theia/theia/issues/8794 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2021-03-12T21:40:14
Updated: 2024-08-03T21:40:12.191Z
Reserved: 2021-03-12T00:00:00
Link: CVE-2021-28161
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-12T22:15:15.077
Modified: 2024-11-21T05:59:12.737
Link: CVE-2021-28161
Redhat
No data.