Description
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
In Materialize through 1.0.0, XSS is possible via the Toast feature.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-11004
- https://github.com/Dogfalo/materialize/issues/6286
- https://github.com/Dogfalo/materialize/issues/6331#issuecomment-549080183
- https://github.com/materializecss/materialize/pull/49
- https://github.com/samschurter/materialize/commit/3aae4cc9bb2b58c337bf25d2f04f129a2a0fa78f
- https://github.com/advisories/GHSA-rg3q-jxmp-pvjj
Packages
Name: materialize-css (npm)
Affected versions: <= 1.0.0
Fixed version: None

Name: @materializecss/materialize (npm)
Affected versions: < 1.1.0-alpha
Fixed version: 1.1.0-alpha
Related vulnerabilities
CVSS3: 6.1
nvd
almost 7 years ago
In Materialize through 1.0.0, XSS is possible via the Toast feature.