Vulnerabilities (CVE)

Filtered by vendor Eclipse Subscribe

Filtered by product Theia

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-41038	1 Eclipse	1 Theia	2021-11-13	4.3 MEDIUM	6.1 MEDIUM
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVE-2021-28161	1 Eclipse	1 Theia	2021-03-18	4.3 MEDIUM	6.1 MEDIUM
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
CVE-2021-28162	1 Eclipse	1 Theia	2021-03-18	4.3 MEDIUM	6.1 MEDIUM
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.