18 vulnerabilities found for ember.js by emberjs
FKIE_CVE-2013-4170
Vulnerability from fkie_nvd - Published: 2022-06-30 13:15 - Updated: 2024-11-21 01:55
Summary
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://groups.google.com/g/ember-security/c/dokLVwwxAdM | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | https://rubysec.com/advisories/CVE-2013-4170/ | Third Party Advisory | |
| secalert@redhat.com | https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/ember-security/c/dokLVwwxAdM | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rubysec.com/advisories/CVE-2013-4170/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41A481D2-4EBC-467F-A853-7D413A51E843",
"versionEndExcluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "566747B2-6B01-47CE-8E3E-EE41E734CB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7129C1F-17EB-4FF0-9C98-F967716D82D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BD322617-FC0D-442A-9A29-DB7141BA9F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51AEB9F0-5AC6-4420-BBEE-ECD30A3A1147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "4263C3AB-7D4B-4F45-915E-1417106E3FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "95DF583D-1DB8-4B53-A027-3FC23770EF64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\u0027s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`."
},
{
"lang": "es",
"value": "En general, Ember.js escapa o elimina cualquier contenido suministrado por el usuario antes de insertarlo en las cadenas que ser\u00e1n enviadas a innerHTML. Sin embargo, la propiedad \"tagName\" de un \"Ember.View\" fue insertada en dicha cadena sin ser saneada. Esto significa que si una aplicaci\u00f3n asigna el \"tagName\" de una vista a datos suministrados por el usuario, una carga \u00fatil especialmente dise\u00f1ada podr\u00eda ejecutar JavaScript arbitrario en el contexto del dominio actual (\"XSS\"). Esta vulnerabilidad s\u00f3lo afecta a aplicaciones que asignan o vinculan contenido proporcionado por el usuario a \"tagName\""
}
],
"id": "CVE-2013-4170",
"lastModified": "2024-11-21T01:55:01.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-30T13:15:08.230",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0014
Vulnerability from fkie_nvd - Published: 2018-02-15 21:29 - Updated: 2024-11-21 02:01
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.1 | |
| emberjs | ember.js | 1.1.2 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.4.0 | |
| emberjs | ember.js | 1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06EA010B-7952-455B-8B54-9E1A5E740F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.2:*:*:*:*:*:*",
"matchCriteriaId": "49EE1E69-375C-49A3-9282-39D614D4F195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.3:*:*:*:*:*:*",
"matchCriteriaId": "DA3EA4F8-9FA1-4EB6-B417-A000F406D17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.4:*:*:*:*:*:*",
"matchCriteriaId": "966B3314-F6A5-4BF7-9E6D-27BA19BDB2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "E9058750-A59E-4AAD-B2B8-4ADC879015E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1.1:*:*:*:*:*:*",
"matchCriteriaId": "E7EA109D-CEFC-4F17-AB87-9B4DA2982E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2:*:*:*:*:*:*",
"matchCriteriaId": "2E3E72B7-9B0D-4DB0-A95D-76DC09675080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2.1:*:*:*:*:*:*",
"matchCriteriaId": "9143430D-E09D-4E11-82DD-437B5CBCCFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3:*:*:*:*:*:*",
"matchCriteriaId": "1E4370BF-E322-4039-8D72-0374889B36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3.1:*:*:*:*:*:*",
"matchCriteriaId": "76D71469-94FE-46D5-95C4-8BFC110FB0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4:*:*:*:*:*:*",
"matchCriteriaId": "1BF3E9CD-4059-4A65-9742-957D536C591E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4.1:*:*:*:*:*:*",
"matchCriteriaId": "40411326-06E3-4C75-B708-16F003543129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5:*:*:*:*:*:*",
"matchCriteriaId": "30855E4E-E81C-4F59-BD74-BF1D9B6E2566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5.1:*:*:*:*:*:*",
"matchCriteriaId": "83C4347F-8032-406C-9649-C28D7136A034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6:*:*:*:*:*:*",
"matchCriteriaId": "0F89F6D3-A9BD-4AAE-9D63-AE112F5009C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6.1:*:*:*:*:*:*",
"matchCriteriaId": "04337BE9-46DE-45DA-A8CB-62347ECB7A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.7:*:*:*:*:*:*",
"matchCriteriaId": "E8F08121-EB24-4E05-9619-91E05063A1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.8:*:*:*:*:*:*",
"matchCriteriaId": "9191FB3E-9216-4FD6-8083-1F7A7B77CC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51AEB9F0-5AC6-4420-BBEE-ECD30A3A1147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "187D45D7-DB71-4AB4-8774-E8FE3685CEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "E16B2354-F3F6-41D9-9F0B-393AF1EFCF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "AFF4CB53-EA5F-4287-A11B-FAD2C64FEF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "DDAFCA5B-E843-4C92-B521-4154BA352273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "01DF971B-6A44-4784-92E5-27F6C185AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEEE7EE-71A5-4AA0-A45B-33D198A824CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B822D-17A7-41C0-83A7-D2DB1CFC0B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC412A0-698F-4D20-96D3-52877A8C9869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "14527BA9-4E61-40DD-84D2-CD8E153AFD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "EBABF9BC-DE98-4153-9DC8-B5CCF35E98DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "E5C0C6AA-CF73-4F0F-BADF-3E1C3594D296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "BED84DC9-6D6B-45A6-9D8A-7E10D9496BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "592FFC69-C059-45EF-B400-CDA60FC3D792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "1960699D-01A0-44E7-9DA4-5F4C59D01A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "13D42307-9855-427D-89EF-B56C9D641A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "C186D57D-CDB1-4567-8CD9-1B7FEC5A479D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "64B67E02-CA41-477B-8F22-4D0ACAF1085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71844C82-A8B0-45F5-99E9-96400A4A9E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.4.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "4104EA1F-D2EF-43C4-B3B8-2126ADD9BACF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload."
},
{
"lang": "es",
"value": "Ember.js en versiones 1.0.x anteriores a la 1.0.1, 1.1.x anteriores a la 1.1.3, 1.2.x en versiones anteriores a la 1.2.1, 1.3.x anteriores a la 1.3.1 y versiones 1.4.x anteriores a la 1.4.0-beta.2 permite que atacantes remotos lleven a cabo ataques de Cross-Site Scripting (XSS) aprovechando una aplicaci\u00f3n que emplea el Helper \"{{group}}\" y una carga \u00fatil manipulada."
}
],
"id": "CVE-2014-0014",
"lastModified": "2024-11-21T02:01:10.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T21:29:00.510",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0013
Vulnerability from fkie_nvd - Published: 2018-02-15 21:29 - Updated: 2024-11-21 02:01
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.0.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.0 | |
| emberjs | ember.js | 1.1.1 | |
| emberjs | ember.js | 1.1.2 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.2.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.3.0 | |
| emberjs | ember.js | 1.4.0 | |
| emberjs | ember.js | 1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06EA010B-7952-455B-8B54-9E1A5E740F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.2:*:*:*:*:*:*",
"matchCriteriaId": "49EE1E69-375C-49A3-9282-39D614D4F195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.3:*:*:*:*:*:*",
"matchCriteriaId": "DA3EA4F8-9FA1-4EB6-B417-A000F406D17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:pre.4:*:*:*:*:*:*",
"matchCriteriaId": "966B3314-F6A5-4BF7-9E6D-27BA19BDB2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "E9058750-A59E-4AAD-B2B8-4ADC879015E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.1.1:*:*:*:*:*:*",
"matchCriteriaId": "E7EA109D-CEFC-4F17-AB87-9B4DA2982E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2:*:*:*:*:*:*",
"matchCriteriaId": "2E3E72B7-9B0D-4DB0-A95D-76DC09675080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.2.1:*:*:*:*:*:*",
"matchCriteriaId": "9143430D-E09D-4E11-82DD-437B5CBCCFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3:*:*:*:*:*:*",
"matchCriteriaId": "1E4370BF-E322-4039-8D72-0374889B36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.3.1:*:*:*:*:*:*",
"matchCriteriaId": "76D71469-94FE-46D5-95C4-8BFC110FB0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4:*:*:*:*:*:*",
"matchCriteriaId": "1BF3E9CD-4059-4A65-9742-957D536C591E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.4.1:*:*:*:*:*:*",
"matchCriteriaId": "40411326-06E3-4C75-B708-16F003543129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5:*:*:*:*:*:*",
"matchCriteriaId": "30855E4E-E81C-4F59-BD74-BF1D9B6E2566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.5.1:*:*:*:*:*:*",
"matchCriteriaId": "83C4347F-8032-406C-9649-C28D7136A034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6:*:*:*:*:*:*",
"matchCriteriaId": "0F89F6D3-A9BD-4AAE-9D63-AE112F5009C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.6.1:*:*:*:*:*:*",
"matchCriteriaId": "04337BE9-46DE-45DA-A8CB-62347ECB7A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.7:*:*:*:*:*:*",
"matchCriteriaId": "E8F08121-EB24-4E05-9619-91E05063A1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc.8:*:*:*:*:*:*",
"matchCriteriaId": "9191FB3E-9216-4FD6-8083-1F7A7B77CC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "51AEB9F0-5AC6-4420-BBEE-ECD30A3A1147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "187D45D7-DB71-4AB4-8774-E8FE3685CEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "E16B2354-F3F6-41D9-9F0B-393AF1EFCF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "AFF4CB53-EA5F-4287-A11B-FAD2C64FEF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "DDAFCA5B-E843-4C92-B521-4154BA352273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "01DF971B-6A44-4784-92E5-27F6C185AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEEE7EE-71A5-4AA0-A45B-33D198A824CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B822D-17A7-41C0-83A7-D2DB1CFC0B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC412A0-698F-4D20-96D3-52877A8C9869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "14527BA9-4E61-40DD-84D2-CD8E153AFD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "EBABF9BC-DE98-4153-9DC8-B5CCF35E98DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "E5C0C6AA-CF73-4F0F-BADF-3E1C3594D296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "BED84DC9-6D6B-45A6-9D8A-7E10D9496BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "592FFC69-C059-45EF-B400-CDA60FC3D792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "1960699D-01A0-44E7-9DA4-5F4C59D01A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "13D42307-9855-427D-89EF-B56C9D641A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "C186D57D-CDB1-4567-8CD9-1B7FEC5A479D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "64B67E02-CA41-477B-8F22-4D0ACAF1085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71844C82-A8B0-45F5-99E9-96400A4A9E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.4.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "4104EA1F-D2EF-43C4-B3B8-2126ADD9BACF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable."
},
{
"lang": "es",
"value": "Ember.js en versiones 1.0.x anteriores a la 1.0.1, 1.1.x anteriores a la 1.1.3, 1.2.x en versiones anteriores a la 1.2.1, 1.3.x anteriores a la 1.3.1 y versiones 1.4.x anteriores a la 1.4.0-beta.2 permite que atacantes remotos lleven a cabo ataques de Cross-Site Scripting (XSS) aprovechando una aplicaci\u00f3n que contiene plantillas cuyo contexto se asigna a un valor primitivo proporcionado por el usuario y que, adem\u00e1s, contiene la variable especial Handlebars \"{{this}}\"."
}
],
"id": "CVE-2014-0013",
"lastModified": "2024-11-21T02:01:10.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T21:29:00.430",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1866
Vulnerability from fkie_nvd - Published: 2017-09-20 18:29 - Updated: 2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2015/04/14/11 | Exploit, Mailing List, Mitigation, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74185 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/04/14/11 | Exploit, Mailing List, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74185 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emberjs | ember.js | 1.10.0 | |
| emberjs | ember.js | 1.10.0 | |
| emberjs | ember.js | 1.10.0 | |
| emberjs | ember.js | 1.10.0 | |
| emberjs | ember.js | 1.10.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.0 | |
| emberjs | ember.js | 1.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEFDF381-F31E-4F2F-BF1B-07F2033E169D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7BDC1837-025A-41B1-96AE-C2F01C807CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78E12878-A072-436C-9214-1A5BF1B536F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "463B3A38-C649-4FF0-93A1-EAF827A10242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F735AB26-639C-46B0-8936-005C39CC67A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47398C91-A34D-4CCB-A1FA-A48F11D938F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D3290226-F129-4FB5-8899-1F138033602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "5E6B9454-8DB7-4813-8F9D-FE0C21DCED29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "A0D01FBF-8791-4984-A7AC-2CB23D257F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8CB5EB24-8704-4B3A-843B-32425E459097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "BD50EE7F-F604-40AB-A026-3F16B97903B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1037B00-0ED5-49E1-B6C2-9A641390C7C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en las versiones 1.10.x de Ember.js anteriores a la 1.10.1 y las versiones 1.11.x anteriores a la 1.11.2."
}
],
"id": "CVE-2015-1866",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T18:29:00.673",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7565
Vulnerability from fkie_nvd - Published: 2017-04-13 14:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emberjs | ember.js | 1.8 | |
| emberjs | ember.js | 1.8.1 | |
| emberjs | ember.js | 1.9 | |
| emberjs | ember.js | 1.9.1 | |
| emberjs | ember.js | 1.10 | |
| emberjs | ember.js | 1.10.1 | |
| emberjs | ember.js | 1.11 | |
| emberjs | ember.js | 1.11.1 | |
| emberjs | ember.js | 1.11.2 | |
| emberjs | ember.js | 1.11.3 | |
| emberjs | ember.js | 1.12 | |
| emberjs | ember.js | 1.12.1 | |
| emberjs | ember.js | 1.13 | |
| emberjs | ember.js | 1.13.1 | |
| emberjs | ember.js | 1.13.2 | |
| emberjs | ember.js | 1.13.3 | |
| emberjs | ember.js | 1.13.4 | |
| emberjs | ember.js | 1.13.5 | |
| emberjs | ember.js | 1.13.6 | |
| emberjs | ember.js | 1.13.7 | |
| emberjs | ember.js | 1.13.8 | |
| emberjs | ember.js | 1.13.9 | |
| emberjs | ember.js | 1.13.10 | |
| emberjs | ember.js | 1.13.11 | |
| emberjs | ember.js | 2.0 | |
| emberjs | ember.js | 2.0.1 | |
| emberjs | ember.js | 2.0.2 | |
| emberjs | ember.js | 2.1 | |
| emberjs | ember.js | 2.1.1 | |
| emberjs | ember.js | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8615A1CB-0FBA-4E10-BBA5-6A440BB3F609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EDF2C2F-888E-46A5-8359-A6F7E224C9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C82522C3-F56A-4801-B83A-04AC651C111B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60D9D2D6-B06F-4594-8A33-A04FD03A5E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "53DF7E69-0E76-404A-AF28-0D0B6895CEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D03A919D-607F-4D76-940E-5AFA80B0E28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "02C06FFD-0927-4E56-9922-4A50A5FE2252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1037B00-0ED5-49E1-B6C2-9A641390C7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2AA0AA-A329-467A-BACE-2C3F5DF55283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CEA724-355C-4B1B-B7CA-0CA83FE4F951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "289C8EE7-BCF3-4838-B4C3-9F591A9AAD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "561FC98E-E163-4016-829E-5C6DF8952494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1781B6-9346-44C6-99BC-B4D79330CF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1B6AA3-0A12-47C5-B18A-0267ECDCC7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F45E154C-3E90-4291-9915-2452BBCCB5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6C5973-AC8E-497D-A699-5528DA32FAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E20CB5A6-0A2C-4487-9080-664FBE92C64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E74F0-BA7D-43CC-BB45-A5B172CF59A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9287178-886B-471F-B583-AA2F9050EE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D81AFC84-5175-4057-A4EC-FAA536A684E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC0B1BD-6C77-46FC-986B-55C6544369A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "85D5DE5E-6C11-45C9-9F34-35F3243E7644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B48E1D0A-452A-430C-8D16-90CC73C06CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "10C90F7E-E0FA-430B-96EF-84ED5499BBBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0ED305-130C-4A9A-BCB2-49120CB82CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B910248A-05B2-4EEC-B75F-8D53525BF356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBEE7B0-CEA8-426D-AB60-F1A159A2E99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3CE82A-0EB5-4D37-993A-08B4C9EEB71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF4A0B3-39B8-4EF0-84B4-E941783EA5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C9116C-2784-4576-8C43-B80983486FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Ember.js 1.8.x a 1.10.x, 1.11.x en versiones anteriores a 1.11.4, 1.12.x en versiones anteriores a 1.12.2, 1.13.x en versiones anteriores a 1.13.12, 2.0.x en versiones anteriores a 2.0.3, 2.1.x en versiones anteriores a 2.1.2 y 2.2.x en versiones anteriores a 2.2.1 permite a los atacantes remotos inyectar secuencias de comandos web o HTML."
}
],
"id": "CVE-2015-7565",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-13T14:59:00.840",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0046
Vulnerability from fkie_nvd - Published: 2014-02-27 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC412A0-698F-4D20-96D3-52877A8C9869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A29E6EEF-359A-495B-B68E-78C5F6B17523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "592FFC69-C059-45EF-B400-CDA60FC3D792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCB5E04-6CE1-48FD-8871-E40824401E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emberjs:ember.js:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "AF0055E7-1B33-4148-BCA4-B46AE5748C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la ayuda link-to en Ember.js 1.2.x anterior a 1.2.2, 1.3.x anterior a 1.3.2 y 1.4.x anterior a 1.4.0-beta.6, cuando es utilizada en forma \"non-block\", permite a atacantes remotos inyectar script web o HTML arbitrarios a trav\u00e9s del atributo title."
}
],
"id": "CVE-2014-0046",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-27T15:55:04.907",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56965"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/65579"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-4170 (GCVE-0-2013-4170)
Vulnerability from cvelistv5 – Published: 2022-06-30 12:38 – Updated: 2024-08-06 16:38
Summary
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ember-source | Affected: ember-source < 1.0.0.rc1.1 | ||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ember-source",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ember-source \u003c 1.0.0.rc1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\u0027s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T12:38:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ember-source",
"version": {
"version_data": [
{
"version_value": "ember-source \u003c 1.0.0.rc1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\u0027s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rubysec.com/advisories/CVE-2013-4170/",
"refsource": "MISC",
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"name": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"name": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM",
"refsource": "MISC",
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4170",
"datePublished": "2022-06-30T12:38:42",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0014 (GCVE-0-2014-0014)
Vulnerability from cvelistv5 – Published: 2018-02-15 21:00 – Updated: 2024-08-06 08:58
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
},
{
"name": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0014",
"datePublished": "2018-02-15T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0013 (GCVE-0-2014-0013)
Vulnerability from cvelistv5 – Published: 2018-02-15 21:00 – Updated: 2024-08-06 08:58
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4"
},
{
"name": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0013",
"datePublished": "2018-02-15T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1866 (GCVE-0-2015-1866)
Vulnerability from cvelistv5 – Published: 2017-09-20 18:00 – Updated: 2024-08-06 04:54
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html",
"refsource": "CONFIRM",
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1866",
"datePublished": "2017-09-20T18:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7565 (GCVE-0-2015-7565)
Vulnerability from cvelistv5 – Published: 2017-04-13 14:00 – Updated: 2024-08-06 07:51
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7565",
"datePublished": "2017-04-13T14:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0046 (GCVE-0-2014-0046)
Vulnerability from cvelistv5 – Published: 2014-02-27 15:00 – Updated: 2024-08-06 09:05
Summary
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "emberjs-linkto-xss(91242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "emberjs-linkto-xss(91242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emberjs-linkto-xss(91242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65579"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
},
{
"name": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0046",
"datePublished": "2014-02-27T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4170 (GCVE-0-2013-4170)
Vulnerability from nvd – Published: 2022-06-30 12:38 – Updated: 2024-08-06 16:38
Summary
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | ember-source | Affected: ember-source < 1.0.0.rc1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ember-source",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ember-source \u003c 1.0.0.rc1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\u0027s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T12:38:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ember-source",
"version": {
"version_data": [
{
"version_value": "ember-source \u003c 1.0.0.rc1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\u0027s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rubysec.com/advisories/CVE-2013-4170/",
"refsource": "MISC",
"url": "https://rubysec.com/advisories/CVE-2013-4170/"
},
{
"name": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"
},
{
"name": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM",
"refsource": "MISC",
"url": "https://groups.google.com/g/ember-security/c/dokLVwwxAdM"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4170",
"datePublished": "2022-06-30T12:38:42",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0014 (GCVE-0-2014-0014)
Vulnerability from nvd – Published: 2018-02-15 21:00 – Updated: 2024-08-06 08:58
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/PSE4RzTi6l4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the \"{{group}}\" Helper and a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
},
{
"name": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0014",
"datePublished": "2018-02-15T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0013 (GCVE-0-2014-0013)
Vulnerability from nvd – Published: 2018-02-15 21:00 – Updated: 2024-08-06 08:58
Summary
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/2kpXXCxISS4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4"
},
{
"name": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/01/14/ember-security-releases.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0013",
"datePublished": "2018-02-15T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1866 (GCVE-0-2015-1866)
Vulnerability from nvd – Published: 2017-09-20 18:00 – Updated: 2024-08-06 04:54
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html",
"refsource": "CONFIRM",
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1866",
"datePublished": "2017-09-20T18:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7565 (GCVE-0-2015-7565)
Vulnerability from nvd – Published: 2017-04-13 14:00 – Updated: 2024-08-06 07:51
Summary
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7565",
"datePublished": "2017-04-13T14:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0046 (GCVE-0-2014-0046)
Vulnerability from nvd – Published: 2014-02-27 15:00 – Updated: 2024-08-06 09:05
Summary
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "emberjs-linkto-xss(91242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "emberjs-linkto-xss(91242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emberjs-linkto-xss(91242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
},
{
"name": "56965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56965"
},
{
"name": "65579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65579"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
},
{
"name": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0046",
"datePublished": "2014-02-27T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}