Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc)

Severity:: Medium

Description

All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.0.0

References

GHSA-7752-f4gf-94gc
snyk.io
CVE-2019-11003
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - CVE-2024-35255
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection (GHSA-h4j5-c7cj-74xg) - CVE-2020-28502
Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67) - CVE-2019-11002
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation (GHSA-rg3q-jxmp-pvjj) - CVE-2019-11004

Tags:: npm; materialize-css

Anything's wrong? Let us know Last updated on August 28, 2023