@aikuma/webcomponents (=0.0.1), @canastro/eva-ui (=0.0.1) +39 more potentially affected by unknown CVE via @ionic/core (>=0.0.2-42 <=4.0.2)

@ionic/core NPM version =0.0.2-42, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.2.1, =1.0.0, =0.0.2, =0.0.1, =0.2.0-5, =0.2.0-6 - @logisticinfotech/ionic4-datepicker =1.0.1 - @modus/ionic-vue =3.0.0-beta.1 - @openchemistry/molecule =0.2.6 and more Source cves: unknown CVE Source advisory:...

@dev-engage/engage-ionic (>=0.6.0 <=0.6.6), @ionic/angular (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1) +2 more potentially affected by unknown CVE via @ionic/core (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1)

@ionic/core NPM version =4.1.0, =0.6.0, =4.1.0, =4.1.3-dev.201903261530.1ecfcd1 - @ionic/pwa-elements =1.0.2 - dos-wc-library =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)

@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

GHSA-R3XC-47QG-H929 Cross-Site Scripting in @ionic/core

Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components: ...

Cross-Site Scripting in @ionic/core

Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components: ...

@ccrpc/tip (>=0.1.0 <=0.3.2), @ccrpc/webmapgl (>=0.10.0 <=0.13.0) +6 more potentially affected by unknown CVE via @ionic/core (>=4.2.0 <=4.2.1-dev.201904231454.26ca72c)

@ionic/core NPM version =4.2.0, =0.1.0, =0.10.0, =4.2.0, =4.2.0, =4.2.0, =2.2.3, =0.9.0, =0.12.2 - dos-wc-library =0.7.10 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

Cross-site Scripting (XSS)

@ionic/core is vulnerable to cross-site scripting XSS. The attack exists because the unsafe innerHTML function is rendered directly on the alert-message string with the following components: .message,.placeholder, .loadingText, .pullingText, .refershingText...

Cross-Site Scripting

Overview Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the...