
Paul Wheeler

#46944 of 53,632
5.4 Total CVSS
Vulnerabilities · 1
PT-2022-17230
5.4
2022-05-01
Unknown · Materialize-Css · CVE-2022-25349
**Name of the Vulnerable Software and Affected Versions**

materialize-css (all versions)

**Description**

The issue arises from improper escaping of user input, such as `<not-a-tag />`, which is then parsed as HTML/JavaScript and inserted into the Document Object Model (DOM). This can lead to Cross-site Scripting (XSS) when user input is provided to the autocomplete component.

**Recommendations**

For all versions, consider disabling the autocomplete component until a proper fix is implemented to escape user input correctly. Restrict the parsing of user input as HTML/JavaScript to minimize the risk of exploitation.