Description
All versions of the package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escaping of user input (such as <not-a-tag />), which is parsed as HTML/JavaScript and inserted into the Document Object Model (DOM). The vulnerability can be exploited when user input is provided to the autocomplete component.
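The difference between concatenating entry text into markup and escaping it first, as an added example that is not code from materialize-css or from this advisory. The function names and the list-item markup are assumptions that model an autocomplete entry in simplified form.

```javascript
// Added example: a simplified model of autocomplete entry rendering.
// Function names are hypothetical; this is not materialize-css code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Split a label around the first case-insensitive match of the typed query.
function splitOnMatch(label, query) {
  const text = String(label);
  const q = String(query || '');
  const i = q ? text.toLowerCase().indexOf(q.toLowerCase()) : -1;
  if (i === -1) return { before: text, match: '', after: '' };
  return { before: text.slice(0, i), match: text.slice(i, i + q.length), after: text.slice(i + q.length) };
}

// Vulnerable pattern: label text is concatenated into markup unescaped, so
// anything tag-shaped in the data is parsed as HTML once assigned to the DOM.
function renderEntryUnsafe(label, query) {
  const p = splitOnMatch(label, query);
  const hit = p.match ? `<span class="highlight">${p.match}</span>` : '';
  return `<li><span>${p.before}${hit}${p.after}</span></li>`;
}

// Hardened pattern: escape every piece of untrusted text; only the wrapper
// tags written by the component itself remain markup.
function renderEntrySafe(label, query) {
  const p = splitOnMatch(label, query);
  const hit = p.match ? `<span class="highlight">${escapeHtml(p.match)}</span>` : '';
  return `<li><span>${escapeHtml(p.before)}${hit}${escapeHtml(p.after)}</span></li>`;
}

// Constructed sample input, using the marker string from the description.
const sample = '<not-a-tag />';
console.log(renderEntryUnsafe(sample, 'tag'));
console.log(renderEntrySafe(sample, 'tag'));
```

In browser code, building the entry from DOM nodes and assigning the label through textContent avoids HTML parsing of the data altogether.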
Remediation
References
https://snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L285
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498