Materialize CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-25349	1 Materializecss	1 Materialize	2024-11-21	5.4 Medium
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.
CVE-2019-11004	1 Materializecss	1 Materialize	2024-11-21	N/A
In Materialize through 1.0.0, XSS is possible via the Toast feature.
CVE-2019-11003	1 Materializecss	1 Materialize	2024-11-21	N/A
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.
CVE-2019-11002	1 Materializecss	1 Materialize	2024-11-21	N/A
In Materialize through 1.0.0, XSS is possible via the Tooltip feature.

Page 1 of 1.