Ember.js@1.0.0 Security Vulnerabilities and Issues — Ember.js@1.0.0 CVE List

Lucene search

EmberjsEmber.js1.0.0

3 matches found

CVE•added 2022/06/30 1:15 p.m.•55 views

CVE-2013-4170

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to user-...

6.1CVSS6.4AI score0.00318EPSS

CVE•added 2018/02/15 9:29 p.m.•50 views

CVE-2014-0014

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.

5.4CVSS5.4AI score0.00291EPSS

CVE•added 2018/02/15 9:29 p.m.•48 views

CVE-2014-0013

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...

5.4CVSS5.2AI score0.00203EPSS