materialize-css-1.0.0.tgz: 4 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - materialize-css-1.0.0.tgz

Builds Materialize distribution packages

Library home page: https://registry.npmjs.org/materialize-css/-/materialize-css-1.0.0.tgz

Path to dependency file: /packages/node/base/package.json

Path to vulnerable library: /packages/node/base/node_modules/materialize-css/package.json,/packages/node/twistcli_test/node_modules/materialize-css/package.json

Found in HEAD commit: d42725f4065c555d9b0a227fdb42ad5e87b8d984

Vulnerabilities

CVE	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (materialize-css version)	Remediation Possible**
CVE-2022-25349	Medium	5.3	Not Defined	0.1%	materialize-css-1.0.0.tgz	Direct	N/A	❌
CVE-2019-11004	Medium	5.3	Not Defined	0.1%	materialize-css-1.0.0.tgz	Direct	N/A	❌
CVE-2019-11003	Medium	5.3	Not Defined	0.1%	materialize-css-1.0.0.tgz	Direct	N/A	❌
CVE-2019-11002	Medium	5.3	Not Defined	0.1%	materialize-css-1.0.0.tgz	Direct	N/A	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-25349

### Vulnerable Library - materialize-css-1.0.0.tgz

Builds Materialize distribution packages

Library home page: https://registry.npmjs.org/materialize-css/-/materialize-css-1.0.0.tgz

Path to dependency file: /packages/node/base/package.json

Path to vulnerable library: /packages/node/base/node_modules/materialize-css/package.json,/packages/node/twistcli_test/node_modules/materialize-css/package.json

Dependency Hierarchy: - :x: **materialize-css-1.0.0.tgz** (Vulnerable Library)

Found in HEAD commit: d42725f4065c555d9b0a227fdb42ad5e87b8d984

Found in base branch: master

### Vulnerability Details

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.

Publish Date: 2022-05-01

URL: CVE-2022-25349

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 4 Score Details (5.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

CVE-2019-11004

### Vulnerable Library - materialize-css-1.0.0.tgz

Builds Materialize distribution packages

Library home page: https://registry.npmjs.org/materialize-css/-/materialize-css-1.0.0.tgz

Path to dependency file: /packages/node/base/package.json

Path to vulnerable library: /packages/node/base/node_modules/materialize-css/package.json,/packages/node/twistcli_test/node_modules/materialize-css/package.json

Dependency Hierarchy: - :x: **materialize-css-1.0.0.tgz** (Vulnerable Library)

Found in HEAD commit: d42725f4065c555d9b0a227fdb42ad5e87b8d984

Found in base branch: master

### Vulnerability Details

In Materialize through 1.0.0, XSS is possible via the Toast feature.

Publish Date: 2019-04-08

URL: CVE-2019-11004

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 4 Score Details (5.3)

For more information on CVSS4 Scores, click here.

CVE-2019-11003

### Vulnerable Library - materialize-css-1.0.0.tgz

Builds Materialize distribution packages

Library home page: https://registry.npmjs.org/materialize-css/-/materialize-css-1.0.0.tgz

Path to dependency file: /packages/node/base/package.json

Path to vulnerable library: /packages/node/base/node_modules/materialize-css/package.json,/packages/node/twistcli_test/node_modules/materialize-css/package.json

Dependency Hierarchy: - :x: **materialize-css-1.0.0.tgz** (Vulnerable Library)

Found in HEAD commit: d42725f4065c555d9b0a227fdb42ad5e87b8d984

Found in base branch: master

### Vulnerability Details

In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.

Publish Date: 2019-04-08

URL: CVE-2019-11003

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 4 Score Details (5.3)

For more information on CVSS4 Scores, click here.

CVE-2019-11002

### Vulnerable Library - materialize-css-1.0.0.tgz

Builds Materialize distribution packages

Library home page: https://registry.npmjs.org/materialize-css/-/materialize-css-1.0.0.tgz

Path to dependency file: /packages/node/base/package.json

Path to vulnerable library: /packages/node/base/node_modules/materialize-css/package.json,/packages/node/twistcli_test/node_modules/materialize-css/package.json

Dependency Hierarchy: - :x: **materialize-css-1.0.0.tgz** (Vulnerable Library)

Found in HEAD commit: d42725f4065c555d9b0a227fdb42ad5e87b8d984

Found in base branch: master

### Vulnerability Details

In Materialize through 1.0.0, XSS is possible via the Tooltip feature.

Publish Date: 2019-04-08

URL: CVE-2019-11002

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 4 Score Details (5.3)

For more information on CVSS4 Scores, click here.

rsoreq / terragoat

materialize-css-1.0.0.tgz: 4 vulnerabilities (highest severity is: 5.3) #12

Vulnerabilities

Details