Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:28 p.m.9 views

CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.1CVSS6.9AI score0.00708EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2021/04/13 3:18 p.m.5 views

@codeanywhere/theia-plugin-ext (>=1.11.0 <=1.11.4), @devworkspace-theia/webviews (>=0.0.1-alpha.1 <=0.0.2) +49 more potentially affected by CVE-2021-28161 via @theia/console (>=0.10.0-next.a2cdb337 <=1.8.0-next.632a67a5)

@theia/console NPM version =0.10.0-next.a2cdb337, =1.11.0, =0.0.1-alpha.1, =0.8.1-alpha.1, =0.0.1-1583345065, =0.0.2, =1.58.6, =1.64.0, =1.73.0-next.2, =0.1.0-next.4b3e6c8a, =0.1.0-next.4b3e6c8a, =0.3.16, =0.3.14, =0.16.0-next.f114ded2 and more Source cves: CVE-2021-28161 Source advisory:...

6.1CVSS6.3AI score0.00708EPSS
Exploits1
Circl
Circl
added 2021/03/13 12:55 a.m.8 views

CVE-2021-28161

creationtimestamp| type| source ---|---|--- 2021-03-13 00:55:52+00:00| seen| https://t.me/cibsecurity/24878...

6.1CVSS6.1AI score0.00708EPSS
Exploits1References1
CVE
CVE
added 2021/03/12 9:40 p.m.77 views

CVE-2021-28161

The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...

6.1CVSS6.3AI score0.00708EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder