materialize-css@0.97.6 vulnerabilities

Builds Materialize distribution packages

Direct Vulnerabilities

Known vulnerabilities in the materialize-css package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting (XSS)

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for materialize-css.

*
  • M
Cross-site Scripting (XSS)

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Toast feature.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for materialize-css.

*
  • M
Cross-site Scripting (XSS)

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unescaped text being inserted into the Document Object Model (DOM).

A vulnerability can arise when user input is provided to the tooltip component. Typically "safe" data is used as part of this feature such as application data generated server-side. However there are cases where it may be reasonable to use user generated content. As such, this could allow a malicious user to pass a specially crafted JavaScript payload and render them within the element.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for materialize-css.

*
  • M
Cross-site Scripting (XSS)

materialize-css is a CSS Framework based on Material Design.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unescaped text being inserted into the Document Object Model (DOM).

A vulnerability can arise when user input is provided to the autocomplete component. Typically "safe" data is used as part of this feature such as application links and urls. However there are cases where it may be reasonable to use user generated content. As such, this could allow a malicious user to pass a specially crafted JavaScript payload and render them within the element.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for materialize-css.

*