An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4ZjctcDVyYy1qeDY3

Severity: Moderate
EPSS: 0.00244% (0.47665 Percentile)

Materialize-css vulnerable to Cross-site Scripting in tooltip component

Affected Packages

npm:@materializecss/materialize
PURL: pkg:npm/%40materializecss%2Fmaterialize
Affected Versions: < 1.1.0-alpha
Fixed Versions: 1.1.0-alpha
2 Dependent packages
56 Dependent repositories
13,220 Downloads last month

Affected Version Ranges

All affected versions

1.0.0

All unaffected versions

1.1.0, 1.2.0, 1.2.1, 1.2.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2

npm:materialize-css
PURL: pkg:npm/materialize-css
Affected Versions: <= 1.0.0
Fixed Versions: No known fixed version
379 Dependent packages
27,491 Dependent repositories
129,202 Downloads last month

Affected Version Ranges

All affected versions

0.95.3, 0.96.1, 0.97.1, 0.97.2, 0.97.3, 0.97.4, 0.97.5, 0.97.6, 0.97.7, 0.97.8, 0.98.0, 0.98.1, 0.98.2, 0.99.0, 0.100.0, 0.100.1, 0.100.2, 1.0.0, 1.0.0-alpha.1, 1.0.0-alpha.2, 1.0.0-alpha.3, 1.0.0-alpha.4, 1.0.0-beta, 1.0.0-rc.1, 1.0.0-rc.2

All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.
