Vulnerabilities > CVE-2021-28162 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Theia
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.