@dev-engage/engage-ionic (>=0.6.0 <=0.6.6), @ionic/angular (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1) +2 more potentially affected by unknown CVE via @ionic/core (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1)

@ionic/core NPM version =4.1.0, =0.6.0, =4.1.0, =4.1.3-dev.201903261530.1ecfcd1 - @ionic/pwa-elements =1.0.2 - dos-wc-library =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

Cross-site Scripting (XSS)

@ionic/core is vulnerable to cross-site scripting XSS. The attack exists because the unsafe innerHTML function is rendered directly on the alert-message string with the following components: .message,.placeholder, .loadingText, .pullingText, .refershingText...