GHSA-4q53-fqhc-cr46

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-4q53-fqhc-cr46/GHSA-4q53-fqhc-cr46.json
Aliases
  • CVE-2014-0046
Published
2018-08-28T22:33:42Z
Modified
2022-11-22T01:03:20.093110Z
Details

Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.

References

Affected packages

RubyGems / ember-source

ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.2.2

Affected versions

1.*

1.2.0
1.2.0.1
1.2.1.1

RubyGems / ember-source

ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.3.0
Fixed
1.3.2

Affected versions

1.*

1.3.0
1.3.1.1