Vulnerabilities > Eclipse > Theia > 1.6.0

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-41038 Unspecified vulnerability in Eclipse Theia
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
network
low complexity
eclipse
6.1
2021-09-01 CVE-2021-34435 Origin Validation Error vulnerability in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE.
network
low complexity
eclipse CWE-346
8.8
2021-03-12 CVE-2021-28161 Cross-site Scripting vulnerability in Eclipse Theia
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
network
low complexity
eclipse CWE-79
6.1