All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| materialize-css(npm) | 0 | N/A | N/A |
CVSS Metrics
