256 matches found

Debian CVE
added 2022/05/01 3:30 p.m. | 42 views

CVE-2022-25349

Removed by vendor...

CVSS 5.4 | AI score 5.6 | EPSS 0.00301
Exploits: 1

ATTACKERKB
added 2022/05/01 3:25 p.m. | 1 view

CVE-2022-25349

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 5.4 | AI score 6.1 | EPSS 0.00301
Exploits: 1 | References: 4

CNNVD
added 2022/05/01 12:0 a.m. | 2 views

materialize-css cross-site scripting vulnerability

materialize-css is a CSS framework based on Material Design. A security vulnerability exists in all versions of the materialize-css package that originates from user input being parsed as HTML/JavaScript and inserted into the Document Object Model (DOM), which can be exploited by an attacker to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00301
Exploits: 1 | References: 4

Snyk
added 2021/12/23 10:53 a.m. | 0 views

Cross-site Scripting (XSS)

Overview: materialize-css is a CSS Framework based on Material Design. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). Thi...

CVSS 5.4 | AI score 5.2 | EPSS 0.00301
Exploits: 1 | References: 2

vulnersOsv
added 2021/12/23 10:53 a.m. | 3 views

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: SNYK:JS-MATERIALIZECSS-2324800...

CVSS 5.4 | AI score 6 | EPSS 0.00301
Exploits: 1

Node.js
added 2019/04/17 6:55 p.m. | 20 views

Cross-Site Scripting

Overview: All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available...

CVSS 4.3 | AI score 3 | EPSS 0.00244
Exploits: 1 | Affected Software: 1

CNVD
added 2019/04/10 12:0 a.m. | 2 views

Materialize Cross-Site Scripting Vulnerability

Materialize is a modern responsive front-end framework based on Material Design. A cross-site scripting vulnerability exists in Materialize 1.0.0 and prior versions, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability...

CVSS 6.1 | AI score 6.4 | EPSS 0.00244
Exploits: 1 | References: 1

CNVD
added 2019/04/10 12:0 a.m. | 1 view

Materialize cross-site scripting vulnerability (CNVD-2019-12908)

Materialize is a modern responsive front-end framework based on Material Design. A cross-site scripting vulnerability exists in Materialize 1.0.0 and prior versions, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability...

CVSS 6.1 | AI score 6.4 | EPSS 0.00223
Exploits: 1 | References: 1

vulnersOsv
added 2019/04/09 7:44 p.m. | 1 view

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11002 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11002 Source advisory: OSV:GHSA-98F7-P5RC-JX67...

CVSS 6.1 | AI score 6.3 | EPSS 0.00244
Exploits: 1

OSV
added 2019/04/09 7:44 p.m. | 3 views

GHSA-98F7-P5RC-JX67 Materialize-css vulnerable to Cross-site Scripting in tooltip component

All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available. Consider...

CVSS 6.1 | AI score 6.6 | EPSS 0.00244
Exploits: 1 | References: 7

Github Security Blog
added 2019/04/09 7:44 p.m. | 21 views

Materialize-css vulnerable to Cross-site Scripting in tooltip component

All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available. Consider...

CVSS 6.1 | AI score 6.5 | EPSS 0.00244
Exploits: 1 | References: 6 | Affected Software: 2

vulnersOsv
added 2019/04/09 7:44 p.m. | 1 view

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11003 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11003 Source advisory: OSV:GHSA-7752-F4GF-94GC...

CVSS 6.1 | AI score 6.3 | EPSS 0.00223
Exploits: 1

Github Security Blog
added 2019/04/09 7:44 p.m. | 47 views

Materialize-css vulnerable to Cross-site Scripting in autocomplete component

All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available...

CVSS 6.1 | AI score 6.5 | EPSS 0.00223
Exploits: 1 | References: 5 | Affected Software: 2

OSV
added 2019/04/09 7:44 p.m. | 1 view

GHSA-7752-F4GF-94GC Materialize-css vulnerable to Cross-site Scripting in autocomplete component

All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available...

CVSS 6.1 | AI score 6.2 | EPSS 0.00223
Exploits: 1 | References: 5

vulnersOsv
added 2019/04/09 7:44 p.m. | 1 view

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11004 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11004 Source advisory: OSV:GHSA-RG3Q-JXMP-PVJJ...

CVSS 6.1 | AI score 6.3 | EPSS 0.00244
Exploits: 1

Github Security Blog
added 2019/04/09 7:44 p.m. | 33 views

Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation

In Materialize through 1.0.0, XSS is possible via the Toast feature...

CVSS 6.1 | AI score 3.3 | EPSS 0.00244
Exploits: 1 | References: 6 | Affected Software: 2

OSV
added 2019/04/09 7:44 p.m. | 1 view

GHSA-RG3Q-JXMP-PVJJ Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation

In Materialize through 1.0.0, XSS is possible via the Toast feature...

CVSS 6.1 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 7

Veracode
added 2019/04/09 3:17 a.m. | 13 views

Cross-site Scripting (XSS)

materialize is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim’s browser via the Toast feature...

CVSS 6.1 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 1 | Affected Software: 2

Veracode
added 2019/04/09 3:1 a.m. | 21 views

Cross-site Scripting (XSS)

materialize is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim’s browser via the Autocomplete feature...

CVSS 6.1 | AI score 5.8 | EPSS 0.00223
Exploits: 1 | References: 1 | Affected Software: 2

Veracode
added 2019/04/09 2:29 a.m. | 19 views

Cross-site Scripting (XSS)

materialize is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Tooltip feature...

CVSS 6.1 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 1 | Affected Software: 2