{"vulnerability": "cve-2013-4170", "sightings": [{"uuid": "a3114660-eaa6-49d5-89e8-5b8e57fe61b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-4170", "type": "seen", "source": "https://t.me/cibsecurity/45408", "content": "\u203c CVE-2013-4170 \u203c\n\nIn general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T16:38:38.000000Z"}]}