materialize is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the Autocomplete feature.
CPE | Name | Operator | Version |
---|---|---|---|
materialize | le | 1.0.0 | |
materialize-css | le | 1.0.0 | |
materialize-css | le | 1.0.0 | |
materialize | le | 1.0.0-rc.2 | |
materialize | le | 0.97.6 |