Ember.js — CVE history (npm)
Ember.js
6 CVEs affect the Ember.js npm package (highest CVSS 6.1). Latest disclosed: 2022-06-30. Full CVE history sourced from NVD.
Summary
- Package
Ember.js(npm)- Total CVEs
6- Actively exploited (CISA KEV)
- 0
- Highest CVSS
6.1- Latest disclosed
- 2022-06-30
Recent CVEs (top 6)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2013-4170 | Medium | 6.1 | — | 2022-06-30 | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. |
CVE-2014-0014 | Medium | 5.4 | — | 2018-02-15 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}"… |
CVE-2014-0013 | Medium | 5.4 | — | 2018-02-15 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templat… |
CVE-2015-1866 | Medium | 6.1 | — | 2017-09-20 | Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. |
CVE-2015-7565 | Medium | 6.1 | — | 2017-04-13 | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject… |
CVE-2014-0046 | — | — | — | 2014-02-27 | Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML v… |
All-time worst (top 5 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2013-4170 | Medium | 6.1 | — | 2022-06-30 | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. |
CVE-2015-1866 | Medium | 6.1 | — | 2017-09-20 | Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. |
CVE-2015-7565 | Medium | 6.1 | — | 2017-04-13 | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject… |
CVE-2014-0014 | Medium | 5.4 | — | 2018-02-15 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}"… |
CVE-2014-0013 | Medium | 5.4 | — | 2018-02-15 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templat… |