CVE-2014-0046
CVE-2014-0046 documents a Cross-site scripting (XSS) vulnerability in the Ember.js framework, specifically in the non-block form usage of the {{link-to}} helper. The issue allows a remote attacker to inject arbitrary script or HTML through the title attribute when rendering user-provided content....