54 matches found
EUVD-2018-0414
Malware in sbrugna...
EUVD-2018-0366
Malware in sbrugna...
EUVD-2018-0409
Malware in sbrugna...
EUVD-2022-3259
Malicious code in bioql PyPI...
EUVD-2022-6246
Malicious code in bioql PyPI...
EUVD-2022-5153
Malicious code in bioql PyPI...
Flame.js 跨站脚本漏洞
Flame.js is an Ember.js widget/UI library open-sourced by Flame.js. A cross-site scripting vulnerability exists in Flame.js that stems from the presence of cross-site scripting...
SUSE CVE-2014-0014
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application using the "group" Helper and a crafted payload...
GHSA-5M48-C37X-F792 Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
CVE-2013-4170
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
Cross site scripting
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
CVE-2013-4170
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
CVE-2013-4170
CVE-2013-4170 concerns Ember.js where user-supplied content bound to an Ember.View.tagName can be inserted into innerHTML without proper sanitization, enabling XSS in affected apps. Affected component: Ember.View.tagName handling; root cause: lack of sanitization when injecting tagName into strin...
Ember.js 跨站脚本漏洞
Tilde Ember.js is an open source web application framework for JavaScript from Tilde, Inc. in the United States. A security vulnerability exists in Ember.js. An attacker can exploit this vulnerability to execute arbitrary JavaScrip scripts...
GHSA-8XM3-GM7C-5FJX Ember.js Cross-site Scripting vulnerability
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...
Ember.js Cross-site Scripting vulnerability
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...
GHSA-RCX6-7JP6-PQF2 ember-source Cross-site Scripting vulnerability
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application using the group Helper and a crafted payload...
ember-source Cross-site Scripting vulnerability
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application using the group Helper and a crafted payload...
GHSA-MP78-R56V-45QC ember-source vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2...