3 matches found
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11003 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11003 Source advisory: OSV:GHSA-7752-F4GF-94GC...
CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...
CVE-2019-11003
Materialize up to version 1.0.0 is susceptible to Cross-Site Scripting via the Autocomplete feature. The root cause is insufficient sanitization of user input in the Autocomplete component, enabling arbitrary JavaScript execution when rendered. Affected: Materialize (frontend framework) using the...