Description

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.

Remediation

References

CVE-2015-7565

Related Vulnerabilities

MediaWiki CVE-2017-0371 Vulnerability (CVE-2017-0371)

osCommerce Other Vulnerability (CVE-2006-5190)

WordPress Plugin Auctions 'upload.php' Arbitrary File Upload (2.0.1.3)

WordPress Plugin Easy Contact Form Solution Cross-Site Scripting (1.6)

WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)

Severity

Medium

Classification

CVE-2015-7565 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities