Lucene search
HistoryFeb 27, 2014 - 3:55 p.m.
CVE-2014-0046
cve-2014-0046
cross-site scripting
xss
ember.js
security
vulnerability
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.8%
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
Affected configurations
Node
emberjsember.jsMatch1.2.0
ORemberjsember.jsMatch1.2.1
ORemberjsember.jsMatch1.3.0
ORemberjsember.jsMatch1.3.1
ORemberjsember.jsMatch1.4.0beta
Related
cvelist
cvelist
CVE-2014-0046
2014-02-27 15:00:00
nvd
nvd
CVE-2014-0046
2014-02-27 15:55:04
osv
osv
ember-source Cross-site Scripting vulnerability
2018-08-28 22:33:42
prion
prion
Cross site scripting
2014-02-27 15:55:00
github
github
ember-source Cross-site Scripting vulnerability
2018-08-28 22:33:42
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.8%
Related for CVE-2014-0046