Lucene search
GoogleOSV:GHSA-7752-F4GF-94GCHistoryApr 09, 2019 - 7:44 p.m.
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
2019-04-0919:44:38
Google
osv.dev
3
0.001 Low
EPSS
Percentile
37.5%
All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @materializecss/materialize | lt | 1.1.0-alpha | |
| materialize-css | le | 1.0.0 |
Related
cve
cve
CVE-2019-11003
2019-04-08 18:29:00
nodejs
nodejs
Cross-Site Scripting
2019-04-17 18:54:19
veracode
veracode
Cross-site Scripting (XSS)
2019-04-09 03:01:55
prion
prion
Security feature bypass
2019-04-08 18:29:00
github
github
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
2019-04-09 19:44:38
nvd
nvd
CVE-2019-11003
2019-04-08 18:29:00
osv
osv
CVE-2019-11003
2019-04-08 18:29:00
cvelist
cvelist
CVE-2019-11003
2019-04-08 17:45:54