@theia/plugin-ext is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by injecting malicious script into the system via the hostMessaging
function. The vulnerability exists due to the lack of origin or parent check.
bugs.eclipse.org/bugs/show_bug.cgi?id=575924
github.com/eclipse-theia/theia//commit/4e1619dc8ab84e8abd900cf7a21421b2b8ef7319
github.com/eclipse-theia/theia/blob/d3501165bb4e87c3612a1a02c34a1d16ab81802c/packages/plugin-ext/src/main/browser/webview/pre/host.js#L28
github.com/eclipse-theia/theia/pull/10125