Security Advisory

CVE-2022-25349

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-01 15:30:22

Last updated 2024-09-17 00:55:44

Assigner snyk

State PUBLISHED

Description

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.

← Browse all CVEs View on cve.org ↗