CVE-2019-11003

In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...

EUVD-2025-177939

Malicious code in materialize-framework-electron-builder-enceladus npm...

Cross-site Scripting (XSS)

Overview materialize-css is a CSS Framework based on Material Design. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. Thi...

Materialize Cross-Site Scripting Vulnerability

Materialize is a modern responsive front-end framework based on Material Design. A cross-site scripting vulnerability exists in Materialize 1.0.0 and prior versions, which stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability...

Materialize cross-site scripting vulnerability (CNVD-2019-12908)

Materialize is a modern responsive front-end framework based on Material Design. A cross-site scripting vulnerability exists in Materialize 1.0.0 and prior versions, which stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability...

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11002 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11002 Source advisory: OSV:GHSA-98F7-P5RC-JX67...

GHSA-RG3Q-JXMP-PVJJ Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation

In Materialize through 1.0.0, XSS is possible via the Toast feature...