ember-source Cross-site Scripting vulnerability
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Apr 24, 2023
Package
Affected versions
>= 1.0.0.pre4.0, < 1.0.1
>= 1.1.0, < 1.1.3
>= 1.2.0.beta.1, < 1.2.1
>= 1.3.0.beta.1, < 1.3.1
= 1.4.0-beta.1
Patched versions
1.0.1
1.1.3
1.2.1
1.3.1
1.4.0-beta.2
Description
Published by the National Vulnerability Database
Feb 15, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jan 27, 2023
Last updated
Apr 24, 2023
Credits
-
tdunlap607 Analyst
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the
{{group}}Helper and a crafted payload.References