CVE-2015-1866

Опубликовано: 20 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.

Ссылки

http://www.openwall.com/lists/oss-security/2015/04/14/11
Exploit
Mailing List
Mitigation
Patch
Third Party Advisory
http://www.securityfocus.com/bid/74185
Third Party Advisory
VDB Entry
https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/14/11
Exploit
Mailing List
Mitigation
Patch
Third Party Advisory
http://www.securityfocus.com/bid/74185
Third Party Advisory
VDB Entry
https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:emberjs:ember.js:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.10.0:beta1:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.10.0:beta2:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.10.0:beta3:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.10.0:beta4:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:*:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:beta1:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:beta2:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:beta3:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:beta4:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.0:beta5:*:*:*:*:*:*

cpe:2.3:a:emberjs:ember.js:1.11.1:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.0033

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mp78-r56v-45qc