224 matches found
Cross-Site Scripting
Overview Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the...
JVN#60497148: "an" App for iOS vulnerable to directory traversal
"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...
iChain Insurance Wallet App for iOS vulnerable to directory traversal
Overview iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...
JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal
iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...
@evan.network/angular-gulp (>=1.2.3 <=2.1.3), @evan.network/ui-angular-libs (=1.1.0) +10 more potentially affected by CVE-2018-16202 via cordova-plugin-ionic-webview (=1.2.1)
cordova-plugin-ionic-webview NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on cordova-plugin-ionic-webview and may be impacted: - @evan.network/angular-gulp =1.2.3, =0.0.1, =0.0.1, =5.0.1, =0.0.8, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0....
Path Traversal in cordova-plugin-ionic-webview
Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...
GHSA-XWJH-CP99-CJ8Q Path Traversal in cordova-plugin-ionic-webview
Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...
JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal
HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...
CVE-2018-16202
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...
CVE-2018-16202
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...
Directory traversal
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...
CVE-2018-16202
CVE-2018-16202 is a directory/path traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.*). The issue enables access to local files from a compromised app, via vulnerable path handling in the package (and related Ionic ZIP parsing behavior) tha...
cordova-plugin-ionic-webview vulnerable to path traversal
Overview cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm...
JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal
cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...
Ionic Team Cordova plugin iOS Keychain Information Disclosure Vulnerability
Ionic Team Cordova plugin iOS Keychain is an open source Cordova mobile application development platform plugin for iOS password manager. Ionic Team Cordova plugin iOS Keychain commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf An information disclosure vulnerability exists in the CDVKeychain.m file...
CVE-2018-1000123
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files CWE-532 vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable...
CVE-2018-1000123
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files CWE-532 vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable...
CVE-2018-1000123
The vulnerability CVE-2018-1000123 affects the Ionic Cordova plugin for iOS Keychain, specifically the CDVKeychain.m file in versions before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf. It describes an Information Exposure Through Log Files (CWE-532) that can leak login credentials and other ...
ionicframework.com XSS vulnerability
Open Bug Bounty ID: OBB-573970 Description| Value ---|--- Affected Website:| ionicframework.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
bestnaturalstoneprices.com XSS vulnerability
Vulnerable URL: http://www.bestnaturalstoneprices.com/shop.asp?producer=Ionic-Stone=1"...