Vulnerability Database

Published: Mar 12, 2021
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28161" target="_blank" rel="noopener"> CVE-2021-28161
GHSA: <a href="https://github.com/advisories/GHSA-cwg9-c9cr-p5fq" target="_blank" rel="noopener"> GHSA-cwg9-c9cr-p5fq
Severity: Medium
Exploit:

300,830

Total vulnerabilities in the database

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
eclipse / theia	-	1.8.0.x
@theia / console	-	1.8.1

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.