Phoenix.HTML allows XSS in HEEx class attributes | VulnCheck Advisories

Go back

Phoenix.HTML allows XSS in HEEx class attributes

severity: medium
date: January 10, 2023
Affecting: Phoenix.HTML versions prior to 3.0.4
CVE: CVE-2021-46871
CVE type: Improper Neutralization of Input During Web Page Generation
CVSS: 6.1
CVSS V3 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References: GHSA-j3gg-r6gp-95q2
fix commit