CVE-2015-7565
MEDIUM6.1EPSS 0.25%ember-source Cross-site Scripting vulnerability
Published: 8/28/2018Modified: 2/16/2024
Also known as:GHSA-m3q7-rj8g-m457
Description
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
Affected packages (1)
- RubyGems/ember-source>= 1.8.0, < 1.11.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7565
- WEBhttp://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html
- WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2015-7565.yml
- WEBhttps://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY