Description

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2015-7565

Related Vulnerabilities

WordPress Plugin Advanced Dynamic Pricing for WooCommerce Cross-Site Request Forgery (4.1.3)

WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)

Ruby Improper Input Validation Vulnerability (CVE-2008-3790)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2008-1672)

OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-4044)

Severity

Medium

Classification

CVE-2015-7565 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities