Materializecss: Security Vulnerabilities
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-05-01
In Materialize through 1.0.0, XSS is possible via the Tooltip feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-08
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-08
In Materialize through 1.0.0, XSS is possible via the Toast feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-08