Arbitrary JavaScript Code Injection in Eclipse Theia Debug Console

CVE-2021-28161 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

Learn more about our Api Penetration Testing.