Arbitrary JavaScript Code Injection in Eclipse Theia Debug Console
CVE-2021-28161 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Learn more about our Api Penetration Testing.