Vulnerabilities > Emberjs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2013-4170 | Cross-site Scripting vulnerability in Emberjs Ember.Js In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. | 2.6 |
| 2018-02-15 | CVE-2014-0014 | Cross-site Scripting vulnerability in Emberjs Ember.Js Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | 5.4 |
| 2018-02-15 | CVE-2014-0013 | Cross-site Scripting vulnerability in Emberjs Ember.Js Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | 5.4 |
| 2017-09-20 | CVE-2015-1866 | Cross-site Scripting vulnerability in Emberjs Ember.Js 1.10.0/1.11.0/1.11.1 Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | 4.3 |
| 2017-04-13 | CVE-2015-7565 | Cross-site Scripting vulnerability in Emberjs Ember.Js Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |