GHSA-4q53-fqhc-cr46
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4q53-fqhc-cr46
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-4q53-fqhc-cr46/GHSA-4q53-fqhc-cr46.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4q53-fqhc-cr46
- Aliases
-
- CVE-2014-0046
- Published
- 2018-08-28T22:33:42Z
- Modified
- 2024-11-28T05:36:23.879875Z
- Summary
- ember-source Cross-site Scripting vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
- Database specific
{ "nvd_published_at": "2014-02-27T15:55:00Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:58:44Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0046
- https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d
- https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436
- https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91242
- https://github.com/emberjs/ember.js
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml
- https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ
- http://emberjs.com/blog/2014/02/07/ember-security-releases.html
- http://secunia.com/advisories/56965
- http://www.openwall.com/lists/oss-security/2014/02/14/6
- http://www.securityfocus.com/bid/65579
Affected packages
RubyGems / ember-source
Package
- Name
- ember-source
- Purl
- pkg:gem/ember-source
RubyGems / ember-source
Package
- Name
- ember-source
- Purl
- pkg:gem/ember-source
RubyGems / ember-source
Package
- Name
- ember-source
- Purl
- pkg:gem/ember-source