All versions of materialize-css
are vulnerable to Cross-Site Scripting. The autocomplete
component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
No fix is currently available. Consider using an alternative module until a fix is made available.
CPE | Name | Operator | Version |
---|---|---|---|
@materializecss/materialize | lt | 1.1.0-alpha | |
materialize-css | le | 1.0.0 |