XSS in Emberjs Ember.js

CVE-2014-0046

Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML v…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.013 (67.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References