← back
CVE-2021-28161

CVE-2021-28161

EPSS 0.7%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Affected products
The Eclipse Foundation · Eclipse Theia

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/eclipse-theia/theia/issues/8794