4 matches found
GHSA-4Q53-FQHC-CR46 ember-source Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...
ember-source Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...
Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...
DEBIAN-CVE-2011-1841
Cross-site scripting XSS vulnerability in the linkto helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...