GHSA-r3xc-47qg-h929
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r3xc-47qg-h929
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-r3xc-47qg-h929/GHSA-r3xc-47qg-h929.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r3xc-47qg-h929
- Published
- 2020-09-03T17:06:09Z
- Modified
- 2021-09-28T17:38:45Z
- Summary
- Cross-Site Scripting in @ionic/core
- Details
-
Versions of
@ionic/coreprior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafeinnerHTMLfunction without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components: -<ion-alert>.message-<ion-searchbar>.placeholder-<ion-infinite-scroll-content>.loadingText-<ion-refresher-content>.pullingText-<ion-refresher-content>.refershingTextRecommendation
- If you are using @ionic/core 4.0.x, upgrade to 4.0.3 or later.
- If you are using @ionic/core 4.1.x, upgrade to 4.1.3 or later.
- If you are using @ionic/core 4.2.x, upgrade to 4.2.1 or later.
- If you are using @ionic/core 4.3.x, upgrade to 4.3.1 or later.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2020-08-31T18:44:31Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "nvd_published_at": null }- References
Affected packages
npm / @ionic/core
Package
- Name
- @ionic/core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40ionic/core
npm / @ionic/core
Package
- Name
- @ionic/core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40ionic/core
npm / @ionic/core
Package
- Name
- @ionic/core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40ionic/core
npm / @ionic/core
Package
- Name
- @ionic/core
- View open source insights on deps.dev
- Purl
- pkg:npm/%40ionic/core