CVE-2021-28162 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Theia
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE

Summary
In Eclipse Theia versions up to and including 0.16.0, notification messages are not HTML-escaped, so JavaScript code can run.