Lucene search
K

54 matches found

Prion
Prion
added 2017/04/13 2:59 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS6.3AI score0.00816EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/04/13 2:0 p.m.22 views

CVE-2015-7565

Cross-site scripting XSS vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...

6.1AI score0.00816EPSS
Exploits0References2
CVE
CVE
added 2017/04/13 2:0 p.m.73 views

CVE-2015-7565

CVE-2015-7565 is an Ember.js XSS vulnerability affecting multiple branches (1.8.x–2.2.x). The root cause is improper escaping of user-controlled input in templates, allowing remote attackers to inject arbitrary script/HTML. Affected versions include 1.8.x–1.10.x, 1.11.x before 1.11.4, 1.12.x befo...

6.1CVSS6.1AI score0.00816EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2016/01/14 12:0 a.m.38 views

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

6.1CVSS1.4AI score0.00816EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/04/26 12:0 a.m.2 views

Tilde Ember.js Cross-Site Scripting Vulnerability

Tilde Ember.js is a set of JavaScript frameworks for creating web applications. Tilde Ember.js suffers from a cross-site scripting vulnerability due to the failure of the program's view "select" option's optionLabelPath property to adequately filter user-submitted input, which allows remote...

6.1CVSS6.2AI score0.0112EPSS
Exploits1References1
RubySec
RubySec
added 2015/04/14 12:0 a.m.20 views

Ember.js XSS Vulnerability With {{view "select"}} Options

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the select view means that any user-supplied data bound to an option's label will not be escaped correctly. In applicatio...

6.1CVSS0.7AI score0.0112EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2014/02/27 3:55 p.m.14 views

CVE-2014-0046

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

2.6CVSS5.7AI score0.01316EPSS
Exploits0References6
Prion
Prion
added 2014/02/27 3:55 p.m.9 views

Cross site scripting

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

2.6CVSS6.2AI score0.01316EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/02/27 3:0 p.m.19 views

CVE-2014-0046

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

5.7AI score0.01316EPSS
Exploits0References6
CVE
CVE
added 2014/02/27 3:0 p.m.81 views

CVE-2014-0046

CVE-2014-0046 documents a Cross-site scripting (XSS) vulnerability in the Ember.js framework, specifically in the non-block form usage of the {{link-to}} helper. The issue allows a remote attacker to inject arbitrary script or HTML through the title attribute when rendering user-provided content....

2.6CVSS5.9AI score0.01316EPSS
Exploits0References6Affected Software1
RubySec
RubySec
added 2014/02/07 12:0 a.m.21 views

Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...

2.6CVSS1AI score0.01316EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/01/14 12:0 a.m.23 views

Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}} Helper

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When using the group...

5.4CVSS0.2AI score0.01395EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/01/14 12:0 a.m.20 views

Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value...

5.4CVSS1.2AI score0.00686EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/07/25 12:0 a.m.26 views

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

6.1CVSS0.7AI score0.00854EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder