ADVISORIES
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
- ~> 1.0.0.rc1.1
- ~> 1.0.0.rc2.1
- ~> 1.0.0.rc3.1
- ~> 1.0.0.rc4.1
- ~> 1.0.0.rc5.1
- >= 1.0.0.rc6.1
DESCRIPTION
In general, Ember.js escapes or strips any user-supplied content
before inserting it in strings that will be sent to innerHTML.
However, the tagName
property of an Ember.View
was inserted into
such a string without being sanitized. This means that if an
application assigns a view's tagName
to user-supplied data, a
specially-crafted payload could execute arbitrary JavaScript in the
context of the current domain ("XSS").
This vulnerability only affects applications that assign or bind
user-provided content to tagName
.