2021-03-12 21:40:14
eclipse
PUBLISHED
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.