materialize-css is vulnerable to cross-site scripting. The `_highlight` function of `autocomplete.js` does not properly escape user input such as `<not-a-tag />`, allowing an attacker to inject and execute malicious JavaScript.

Name | Operator | Version |
---|---|---|
materialize-css | le | 1.0.0 |
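
The flaw class described above, shown as an added example that is not materialize-css source code: a simplified highlight helper that wraps the matched part of an autocomplete label in a span, first by concatenating raw text into markup and then by escaping each piece. The function names and the sample label are assumptions made for illustration.

```javascript
// Added illustration, not materialize-css source; all names are hypothetical.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Split a label around the first case-insensitive occurrence of the typed query.
function splitMatch(label, query) {
  const none = { before: label, match: '', after: '' };
  if (!query) return none;
  // Treat the query as literal text, not as a regular expression.
  const re = new RegExp(query.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'i');
  const m = re.exec(label);
  if (!m) return none;
  return {
    before: label.slice(0, m.index),
    match: m[0],
    after: label.slice(m.index + m[0].length),
  };
}

// Weak pattern: raw label text is concatenated into markup meant for innerHTML,
// so any tag inside the label is parsed as markup.
function highlightUnsafe(label, query) {
  const { before, match, after } = splitMatch(label, query);
  if (!match) return `<span>${label}</span>`;
  return `<span>${before}<span class="highlight">${match}</span>${after}</span>`;
}

// Hardened pattern: split on the original text first, then escape every piece,
// so only the wrapper spans written here reach the HTML parser as markup.
function highlightSafe(label, query) {
  const { before, match, after } = splitMatch(label, query);
  const [b, m, a] = [before, match, after].map(escapeHtml);
  return m ? `<span>${b}<span class="highlight">${m}</span>${a}</span>` : `<span>${b}</span>`;
}

// Constructed sample label containing the advisory's example string.
const sampleLabel = 'Apple <not-a-tag />';
console.log(highlightUnsafe(sampleLabel, 'app'));
console.log(highlightSafe(sampleLabel, 'app'));
```

In a browser, building the nodes and assigning the pieces through `textContent` avoids the string-escaping step altogether.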