VYPR
Low severityNVD Advisory· Published Feb 27, 2014· Updated Jun 17, 2026

CVE-2014-0046

CVE-2014-0046

Description

Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ember-sourceRubyGems
>= 1.2.0, < 1.2.21.2.2
ember-sourceRubyGems
>= 1.3.0, < 1.3.21.3.2
ember-sourceRubyGems
>= 1.4.0.beta.1, < 1.4.0.beta.61.4.0.beta.6

Affected products

6
  • Emberjs/Ember.js5 versions
    cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:emberjs:ember.js:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emberjs:ember.js:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:emberjs:ember.js:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emberjs:ember.js:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:emberjs:ember.js:1.4.0:beta:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.2.0, < 1.2.2

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.