VYPR
Medium severity5.4NVD Advisory· Published Feb 15, 2018· Updated Jun 17, 2026

CVE-2014-0014

CVE-2014-0014

Description

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ember-sourceRubyGems
>= 1.0.0.pre4.0, < 1.0.11.0.1
ember-sourceRubyGems
>= 1.1.0, < 1.1.31.1.3
ember-sourceRubyGems
>= 1.2.0.beta.1, < 1.2.11.2.1
ember-sourceRubyGems
>= 1.3.0.beta.1, < 1.3.11.3.1
ember-sourceRubyGems
>= 1.4.0-beta.1, < 1.4.0-beta.21.4.0-beta.2

Affected products

1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.