0.001 Low
EPSS
Percentile
40.5%
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
github.com/advisories/GHSA-c94v-8fff-73ph
github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020
github.com/eclipse-theia/theia/issues/7283
github.com/eclipse-theia/theia/pull/7289
nvd.nist.gov/vuln/detail/CVE-2021-28162