4 matches found
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
@codeanywhere/theia-plugin-ext (>=1.11.0 <=1.11.4), @devworkspace-theia/webviews (>=0.0.1-alpha.1 <=0.0.2) +49 more potentially affected by CVE-2021-28161 via @theia/console (>=0.10.0-next.a2cdb337 <=1.8.0-next.632a67a5)
@theia/console NPM version =0.10.0-next.a2cdb337, =1.11.0, =0.0.1-alpha.1, =0.8.1-alpha.1, =0.0.1-1583345065, =0.0.2, =1.58.6, =1.64.0, =1.73.0-next.2, =0.1.0-next.4b3e6c8a, =0.1.0-next.4b3e6c8a, =0.3.16, =0.3.14, =0.16.0-next.f114ded2 and more Source cves: CVE-2021-28161 Source advisory:...
CVE-2021-28161
creationtimestamp| type| source ---|---|--- 2021-03-13 00:55:52+00:00| seen| https://t.me/cibsecurity/24878...
CVE-2021-28161
The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...