All versions of materialize-css
are vulnerable to Cross-Site Scripting. The tooltip
component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.
No fix is currently available. Consider using an alternative module until a fix is made available.