Vulnerability Database
296,137
Total vulnerabilities in the database
Cross-Site Scripting in @ionic/core
Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components:
<ion-alert>.message<ion-searchbar>.placeholder<ion-infinite-scroll-content>.loadingText<ion-refresher-content>.pullingText<ion-refresher-content>.refershingText
Recommendation
- If you are using @ionic/core 4.0.x, upgrade to 4.0.3 or later.
- If you are using @ionic/core 4.1.x, upgrade to 4.1.3 or later.
- If you are using @ionic/core 4.2.x, upgrade to 4.2.1 or later.
- If you are using @ionic/core 4.3.x, upgrade to 4.3.1 or later.
| Software | From | Fixed in |
|---|---|---|
@ionic / core
|
- | 4.0.3 |
|
@ionic / core
|
4.1.0 | 4.1.3 |
|
@ionic / core
|
4.2.0 | 4.2.1 |
|
@ionic / core
|
4.3.0 | 4.3.1 |