CVE-2013-4170 – ember-source

Package

Manager: gem
Name: ember-source
Vulnerable Version: >=0 <1.0.0.rc1.1 || =1.0.0.rc2.0 || >=1.0.0.rc2.0 <1.0.0.rc2.1 || =1.0.0.rc3.0 || >=1.0.0.rc3.0 <1.0.0.rc3.1 || =1.0.0.rc4.0 || >=1.0.0.rc4.0 <1.0.0.rc4.1 || =1.0.0.rc5.0 || >=1.0.0.rc5.0 <1.0.0.rc5.1 || =1.0.0.rc6.0 || >=1.0.0.rc6.0 <1.0.0.rc6.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00318 pctl0.54282

Details

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.

Metadata

Created: 2022-07-01T00:01:11Z
Modified: 2023-01-26T22:40:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-5m48-c37x-f792/GHSA-5m48-c37x-f792.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-5m48-c37x-f792
Finding: F008
Auto approve: 1