Description
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields (ACF) PHP Object Injection (6.0.7)
WordPress Plugin WP Telegram (Auto Post and Notifications) Unspecified Vulnerability (2.1.8)
WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Request Forgery (1.3.3)
WordPress Plugin BulletProof Security Cross-Site Scripting (.53.3)
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)