4 matches found
CVE-2019-11004
In Materialize through 1.0.0, XSS is possible via the Toast feature...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11004 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11004 Source advisory: OSV:GHSA-RG3Q-JXMP-PVJJ...
CVE-2019-11004
In Materialize through 1.0.0, XSS is possible via the Toast feature...
CVE-2019-11004
Materialize (up to 1.0.0) is vulnerable to cross-site scripting via the Toast feature. The issue is XSS in the Toast UI component, allowing injection of arbitrary JavaScript into a victim’s browser. Connected sources confirm this across multiple feeds (including Red Hat/EUVD/GHSA references). The...