Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:emberjs:ember.js:0.9.7.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4170 |
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. Published: June 30, 2022; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 2.6 LOW |