Knockout JS libraries vulnerable to data-bind injection
These KnockoutJS libraries are vulnerable to injection attacks via 'data-bind'. If an attacker can control, the 'data-bind' property in the HTML markup code(which is possible sometimes), the vulnerable versions of this library evals them in the process of binding that data.
By skeptic_fx
Tested on 3 browsers