Materialize-css vulnerable to Cross-site Scripting in tooltip component
- Severity:
- Medium
Description
All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
Recommendation
Update the @materializecss/materialize package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.0-alpha
- Patched version(s): 1.1.0-alpha
References
Related Issues
- Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes - CVE-2024-6485
- react-native-keys insecurely stores encryption cipher and Base64 chunks - CVE-2025-45001
- nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR - CVE-2024-34343
- Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] - CVE-2025-27793
- Tags:
- npm
- @materializecss/materialize
Anything's wrong? Let us know Last updated on August 28, 2023