Vulnerability in The Eclipse Foundation Theia

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.

EPSS: 0.002 (38.4th percentile) — read the EPSS interpretation.

Affected products

The Eclipse Foundation Theia — versions unspecified

Weakness classification (CWE)

CWE-830

Public proof-of-concept exploits

References

github.com/eclipse-theia/theia/issues/7283 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-28162?: CVE-2021-28162 is a vulnerability in The Eclipse Foundation Theia, classified under CWE-830. Published 2021-03-12.
Is CVE-2021-28162 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.