Dogfalo/materialize

Dogfalo/materialize

materializecss.com

Releases44

Frequency1 month 2 days

Last Release almost 8 years ago

Stars38.9K

Materialize, a CSS Framework based on Material Design

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25349 ↗	May 1, 2022Sunday, 1 May 2022, 16:15	5.4 MEDIUM	4.3 MEDIUM
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
CVE-2019-11002 ↗	Apr 8, 2019Monday, 8 April 2019, 18:29	—	4.3 MEDIUM
In Materialize through 1.0.0, XSS is possible via the Tooltip feature.
CVE-2019-11003 ↗	Apr 8, 2019Monday, 8 April 2019, 18:29	—	4.3 MEDIUM
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.
CVE-2019-11004 ↗	Apr 8, 2019Monday, 8 April 2019, 18:29	—	4.3 MEDIUM
In Materialize through 1.0.0, XSS is possible via the Toast feature.