materialize-css@0.98.2 vulnerabilities

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.

There is no fixed version for materialize-css.

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Toast feature.

There is no fixed version for materialize-css.

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unescaped text being inserted into the Document Object Model (DOM).

A vulnerability can arise when user input is provided to the tooltip component. Typically "safe" data is used as part of this feature such as application data generated server-side. However there are cases where it may be reasonable to use user generated content. As such, this could allow a malicious user to pass a specially crafted JavaScript payload and render them within the element.

There is no fixed version for materialize-css.

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unescaped text being inserted into the Document Object Model (DOM).

A vulnerability can arise when user input is provided to the autocomplete component. Typically "safe" data is used as part of this feature such as application links and urls. However there are cases where it may be reasonable to use user generated content. As such, this could allow a malicious user to pass a specially crafted JavaScript payload and render them within the element.

There is no fixed version for materialize-css.