Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
References
Link | Resource |
---|---|
http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html | Release Notes Vendor Advisory |
https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:27
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-04-13 14:59
Updated : 2024-02-28 15:44
NVD link : CVE-2015-7565
Mitre link : CVE-2015-7565
CVE.ORG link : CVE-2015-7565
JSON object : View
Products Affected
emberjs
- ember.js
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')