Hyder Ali

**Name of the Vulnerable Software and Affected Versions** Ember.js versions 1.2.x through 1.2.1 Ember.js versions 1.3.x through 1.3.1 Ember.js versions 1.4.x through 1.4.0-beta.5 **Description** A cross-site scripting (XSS) issue exists in the link-to helper of Ember.js. This allows remote attackers to inject arbitrary web script or HTML via the title attribute when the helper is used in non-block form. **Recommendations** For Ember.js versions 1.2.x through 1.2.1, update to version 1.2.2 or later. For Ember.js versions 1.3.x through 1.3.1, update to version 1.3.2 or later. For Ember.js versions 1.4.x through 1.4.0-beta.5, update to version 1.4.0-beta.6 or later.