Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67)

Description

All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.0.0

References

• GHSA-98f7-p5rc-jx67
• snyk.io
• www.npmjs.com
• CVE-2019-11002
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - CVE-2022-25349
• @hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed - CVE-2024-32652
• jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext - CVE-2024-28176
• url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - CVE-2022-0691

Tags:

npm

materialize-css