256 matches found
Malicious code in concurrently-local-antares-materialize (npm)
The package concurrently-local-antares-materialize was found to contain malicious code...
Malicious code in zenith-materialize-polaris-exobiology (npm)
The package zenith-materialize-polaris-exobiology was found to contain malicious code...
Malicious code in colors-materialize-astrochemistry-figures (npm)
The package colors-materialize-astrochemistry-figures was found to contain malicious code...
Malicious code in spectron-webdriver-materialize-string-planckscale (npm)
The package spectron-webdriver-materialize-string-planckscale was found to contain malicious code...
MAL-2025-40509 Malicious code in yildun-materialize-publish-cordelia (npm)
The package yildun-materialize-publish-cordelia was found to contain malicious code...
MAL-2025-26425 Malicious code in mini-css-extract-plugin-materialize-technocracy-venus (npm)
The package mini-css-extract-plugin-materialize-technocracy-venus was found to contain malicious code...
Malicious code in mini-css-extract-plugin-materialize-technocracy-venus (npm)
The package mini-css-extract-plugin-materialize-technocracy-venus was found to contain malicious code...
MAL-2025-17466 Malicious code in concurrently-local-antares-materialize (npm)
The package concurrently-local-antares-materialize was found to contain malicious code...
MAL-2025-26002 Malicious code in materialize-inflation-graviton-on (npm)
The package materialize-inflation-graviton-on was found to contain malicious code...
Malicious code in materialize-dendrochronology-atlas-technocracy (npm)
The package materialize-dendrochronology-atlas-technocracy was found to contain malicious code...
MAL-2025-17295 Malicious code in colors-materialize-astrochemistry-figures (npm)
The package colors-materialize-astrochemistry-figures was found to contain malicious code...
CVE-2019-11002
In Materialize through 1.0.0, XSS is possible via the Tooltip feature...
Cross-site Scripting (XSS)
materialize-css is vulnerable to cross-site scripting. The highlight function of autocomplete.js does not properly escape the user input such as , allowing an attacker to inject and execute malicious JavaScript...
GHSA-7JVX-F994-RFW2 materialize-css vulnerable to Cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
materialize-css vulnerable to Cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: OSV:GHSA-7JVX-F994-RFW2...
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
Cross site scripting
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
CVE-2022-25349 affects materialize-css: XSS caused by improper escaping of user input in the autocomplete component, allowing input such as to be parsed as HTML/JavaScript and executed in the DOM. Connected sources (Veracode, OSV, SNYK) confirm all versions are vulnerable with the root cause in ...