CVE-2022-25349

CVE-2022-25349 affects materialize-css: XSS caused by improper escaping of user input in the autocomplete component, allowing input such as to be parsed as HTML/JavaScript and executed in the DOM. Connected sources (Veracode, OSV, SNYK) confirm all versions are vulnerable with the root cause in ...

CVE-2019-11002

Materialize up to 1.0.0 is vulnerable to Cross-Site Scripting via the Tooltip component. The vulnerability arises from insufficient sanitization of user input in the tooltip, allowing attacker-controlled content to be rendered as JavaScript. Multiple sources (including Red Hat/Veracode and OSV/PR...

CVE-2019-11003

Materialize up to version 1.0.0 is susceptible to Cross-Site Scripting via the Autocomplete feature. The root cause is insufficient sanitization of user input in the Autocomplete component, enabling arbitrary JavaScript execution when rendered. Affected: Materialize (frontend framework) using the...

CVE-2019-11004

Materialize (up to 1.0.0) is vulnerable to cross-site scripting via the Toast feature. The issue is XSS in the Toast UI component, allowing injection of arbitrary JavaScript into a victim’s browser. Connected sources confirm this across multiple feeds (including Red Hat/EUVD/GHSA references). The...