Описание
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Пакеты
Наименование
materialize-css
npm
Затронутые версииВерсия исправления
<= 1.0.0
Отсутствует
Наименование
@materializecss/materialize
npm
Затронутые версииВерсия исправления
< 1.1.0-alpha
1.1.0-alpha
Связанные уязвимости
CVSS3: 6.1
nvd
почти 7 лет назад
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.