Upstream information

CVE-2014-0014 at MITRE


Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.

SUSE information

Overall state of this security issue: Resolved

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.5
Vector AV:N/AC:M/Au:S/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 1112142 [RESOLVED / FIXED], 1112143 [RESOLVED / FIXED], 1112144 [RESOLVED / FIXED], 1112146 [RESOLVED / FIXED], 1112148 [RESOLVED / FIXED], 1112150 [RESOLVED / WORKSFORME], 1112152 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Fri Feb 16 01:15:13 2018
CVE page last modified: Fri Oct 7 12:46:39 2022