CVE-2015-7565

medium

Published 2016-01-14 · Modified 2024-02-16

CVSS v3

6.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

4.3

VIR risk

6.1

Description

ember-source Cross-site Scripting vulnerability

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html

Ecosystem	Package	Vulnerable	Fixed
RubyGems	ember-source	`!< 1.8.0\|\|<~> 1.11.4`	`~> 1.11.4`
RubyGems	ember-source	`>=1.8.0,<1.11.4`	`1.11.4`
RubyGems	ember-source	`>=1.12.0,<1.12.2`	`1.12.2`
RubyGems	ember-source	`>=1.13.0,<1.13.12`	`1.13.12`
RubyGems	ember-source	`>=2.0.0,<2.0.3`	`2.0.3`
RubyGems	ember-source	`>=2.1.0,<2.1.2`	`2.1.2`
RubyGems	ember-source	`>=2.2.0,<2.2.1`	`2.2.1`

Vendor	Product	Versions
emberjs	ember.js	`1.8`
emberjs	ember.js	`1.8.1`
emberjs	ember.js	`1.9`
emberjs	ember.js	`1.9.1`
emberjs	ember.js	`1.10`
emberjs	ember.js	`1.10.1`
emberjs	ember.js	`1.11`
emberjs	ember.js	`1.11.1`
emberjs	ember.js	`1.11.2`
emberjs	ember.js	`1.11.3`
emberjs	ember.js	`1.12`
emberjs	ember.js	`1.12.1`
emberjs	ember.js	`1.13`
emberjs	ember.js	`1.13.1`
emberjs	ember.js	`1.13.2`
emberjs	ember.js	`1.13.3`
emberjs	ember.js	`1.13.4`
emberjs	ember.js	`1.13.5`
emberjs	ember.js	`1.13.6`
emberjs	ember.js	`1.13.7`
emberjs	ember.js	`1.13.8`
emberjs	ember.js	`1.13.9`
emberjs	ember.js	`1.13.10`
emberjs	ember.js	`1.13.11`
emberjs	ember.js	`2.0`
emberjs	ember.js	`2.0.1`
emberjs	ember.js	`2.0.2`
emberjs	ember.js	`2.1`
emberjs	ember.js	`2.1.1`
emberjs	ember.js	`2.2`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.