CVE-2021-28161

CVE-2021-28161

Vendor The Eclipse Foundation

Product Eclipse Theia

Weakness CWE-79 · XSS

Published March 12, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

Key dates

02Disclosure timeline

March 12, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-28161 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page CVE-2025-39420 WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-5791 Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting CVE-2024-29762 WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-29878 Cross-Site Scripting (XSS) vulnerability in Sentrifugo