XSS in Emberjs Ember.js
CVE-2014-0046
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML v…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.013 (67.2th percentile) — read the EPSS interpretation.
Affected products
- Emberjs Ember.js — versions 1.2.0, 1.2.1, 1.3.0
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)