Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67)

Severity:: Medium

Description

All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.0.0

References

GHSA-98f7-p5rc-jx67
snyk.io
www.npmjs.com
CVE-2019-11002
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Materialize-css vulnerable to Cross-site Scripting in tooltip component - CVE-2019-11002
Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc) - CVE-2019-11003
Materialize-css vulnerable to Cross-site Scripting in autocomplete component - CVE-2019-11003
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - CVE-2022-25349

Tags:: npm; materialize-css

Anything's wrong? Let us know Last updated on August 28, 2023