Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Moderate severity
GitHub Reviewed
Published
Apr 9, 2019
to the GitHub Advisory Database
•
Updated Aug 28, 2023
Description
Published to the GitHub Advisory Database
Apr 9, 2019
Reviewed
Jun 16, 2020
Last updated
Aug 28, 2023
Credits
-
erik-krogh Analyst
All versions of
materialize-cssare vulnerable to Cross-Site Scripting. Theautocompletecomponent does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
References