In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2021-03-12T21:40:14

Updated: 2024-08-03T21:40:12.191Z

Reserved: 2021-03-12T00:00:00

Link: CVE-2021-28161

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-12T22:15:15.077

Modified: 2024-11-21T05:59:12.737

Link: CVE-2021-28161

cve-icon Redhat

No data.