CVE-2015-7565
MEDIUM
Ember.js <1.11.4, <1.12.2, <1.13.12, <2.0.3, <2.1.2, <2.2.1 - Cross-Site Scripting
Title source: llm
Description
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21topic/ember-security/OfyQkoSuppY
Scores
CVSS v3: 6.1
EPSS: 0.0025
EPSS Percentile: 48.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (31)
emberjs/ember.js 1.8
emberjs/ember.js 1.8.1
emberjs/ember.js 1.9
emberjs/ember.js 1.9.1
emberjs/ember.js 1.10
emberjs/ember.js 1.10.1
emberjs/ember.js 1.11
emberjs/ember.js 1.11.1
emberjs/ember.js 1.11.2
emberjs/ember.js 1.11.3
... and 21 more
Published: Apr 13, 2017
Tracked Since: Feb 18, 2026