Lucene search
Lucianot54NODEJS:817HistoryApr 17, 2019 - 6:54 p.m.
Cross-Site Scripting
2019-04-1718:54:19
lucianot54
www.npmjs.com
9
0.001 Low
EPSS
Percentile
37.5%
Overview
All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| materialize-css | ge | 0.0.0 |
Related
cve
cve
CVE-2019-11003
2019-04-08 18:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-04-09 03:01:55
prion
prion
Security feature bypass
2019-04-08 18:29:00
github
github
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
2019-04-09 19:44:38
nvd
nvd
CVE-2019-11003
2019-04-08 18:29:00
osv
osv
CVE-2019-11003
2019-04-08 18:29:00
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
2019-04-09 19:44:38
cvelist
cvelist
CVE-2019-11003
2019-04-08 17:45:54