Vulnerability Details CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 4.3
References
- https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js%23L285%20
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
- https://snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
- https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js%23L285%20
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
- https://snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
Products affected by CVE-2022-25349
-
cpe:2.3:a:materializecss:materialize:0.100.0
-
cpe:2.3:a:materializecss:materialize:0.100.1
-
cpe:2.3:a:materializecss:materialize:0.100.2
-
cpe:2.3:a:materializecss:materialize:0.62
-
cpe:2.3:a:materializecss:materialize:0.68
-
cpe:2.3:a:materializecss:materialize:0.69
-
cpe:2.3:a:materializecss:materialize:0.81
-
cpe:2.3:a:materializecss:materialize:0.82
-
cpe:2.3:a:materializecss:materialize:0.9
-
cpe:2.3:a:materializecss:materialize:0.91
-
cpe:2.3:a:materializecss:materialize:0.92.0
-
cpe:2.3:a:materializecss:materialize:0.92.1
-
cpe:2.3:a:materializecss:materialize:0.93.0
-
cpe:2.3:a:materializecss:materialize:0.93.1
-
cpe:2.3:a:materializecss:materialize:0.94.0
-
cpe:2.3:a:materializecss:materialize:0.94.1
-
cpe:2.3:a:materializecss:materialize:0.94.2
-
cpe:2.3:a:materializecss:materialize:0.95.0
-
cpe:2.3:a:materializecss:materialize:0.95.1
-
cpe:2.3:a:materializecss:materialize:0.95.2
-
cpe:2.3:a:materializecss:materialize:0.95.3
-
cpe:2.3:a:materializecss:materialize:0.96.0
-
cpe:2.3:a:materializecss:materialize:0.96.1
-
cpe:2.3:a:materializecss:materialize:0.97.0
-
cpe:2.3:a:materializecss:materialize:0.97.1
-
cpe:2.3:a:materializecss:materialize:0.97.2
-
cpe:2.3:a:materializecss:materialize:0.97.3
-
cpe:2.3:a:materializecss:materialize:0.97.4
-
cpe:2.3:a:materializecss:materialize:0.97.5
-
cpe:2.3:a:materializecss:materialize:0.97.6
-
cpe:2.3:a:materializecss:materialize:0.97.7
-
cpe:2.3:a:materializecss:materialize:0.97.8
-
cpe:2.3:a:materializecss:materialize:0.98.0
-
cpe:2.3:a:materializecss:materialize:0.98.1
-
cpe:2.3:a:materializecss:materialize:0.98.2
-
cpe:2.3:a:materializecss:materialize:0.99.0
-
cpe:2.3:a:materializecss:materialize:1.0.0