CVE-2013-4170
CVE-2013-4170 concerns Ember.js where user-supplied content bound to an Ember.View.tagName can be inserted into innerHTML without proper sanitization, enabling XSS in affected apps. Affected component: Ember.View.tagName handling; root cause: lack of sanitization when injecting tagName into strin...