Description
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| materialize | removed | | | package |
Notes
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
https://github.com/materializecss/materialize/blob/main/js/autocomplete.js#L310
https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L285
Related vulnerabilities
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input