Lucene search
K

4 matches found

OSV
OSV
added 2018/08/28 10:33 p.m.18 views

GHSA-4Q53-FQHC-CR46 ember-source Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

2.6CVSS5.5AI score0.01316EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2018/08/28 10:33 p.m.32 views

ember-source Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

2.6CVSS5.6AI score0.01316EPSS
Exploits0References12Affected Software1
RubySec
RubySec
added 2014/02/07 12:0 a.m.21 views

Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...

2.6CVSS1AI score0.01316EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2011/05/03 12:55 a.m.2 views

DEBIAN-CVE-2011-1841

Cross-site scripting XSS vulnerability in the linkto helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01705EPSS
Exploits0References1
Rows per page
Query Builder