VIR Vulnerability Intelligence Relay

CVE-2015-1866

medium
Published 2015-04-14 · Modified 2024-02-16
CVSS v3
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2
4.3
VIR risk
6.1

Description

ember-source vulnerable to Cross-site Scripting

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2015/04/14/11

Package impact
EcosystemPackageVulnerableFixed
ruby RubyGemsember-source!< 1.10.0||<~> 1.10.1~> 1.10.1
ruby RubyGemsember-source>=1.10.0,<1.10.11.10.1
ruby RubyGemsember-source>=1.11.0,<1.11.21.11.2

Application impact
VendorProductVersionsFixed
emberjsember.js1.10.0
emberjsember.js1.11.0
emberjsember.js1.11.1

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.