Description

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2015-7565

Related Vulnerabilities

WordPress Plugin Job Manager Security Bypass (0.7.25)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.27)

MySQL CVE-2016-9840 Vulnerability (CVE-2016-9840)

Jboss EAP CVE-2012-5626 Vulnerability (CVE-2012-5626)

PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2016-3074)

Severity

Medium

Classification

CVE-2015-7565 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities