17 matches found
CVE-2026-8467
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
EUVD-2026-31112
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
CVE-2026-8467
PHOENIX_STORYBOOK contains a code‑injection vulnerability (CVE-2026-8467) that allows unauthenticated remote code execution via HEEx template injection. An attacker can supply arbitrary attribute names/values to the psb-assign WebSocket handler; unescaped attribute values are interpolated into HE...
PhoenixStorybook Code Injection Vulnerability
PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from unsanitized attribute value interpolation, which led to code...
PT-2026-42179
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
EUVD-2023-0339
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
phoenix_html is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters before it outputs to the front end, allowing an attacker to inject and execute malicious JavaScript via HEEx class attributes in tag.ex...
GHSA-5G2H-9X5V-5H3X phoenix_html allows Cross-site Scripting in HEEx class attributes
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
phoenix_html allows Cross-site Scripting in HEEx class attributes
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
Design/Logic Flaw
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML aka phoenix_html before 3.0.4 allows XSS in HEEx class attributes...
GHSA-J3GG-R6GP-95Q2 XSS in HEEx class attributes
The class attribute was not protected against XSS attacks when using HEEx...
XSS in HEEx class attributes
The class attribute was not protected against XSS attacks when using HEEx...
PT-2022-12947 · Phoenix · Phoenix.Html
Name of the Vulnerable Software and Affected Versions: Phoenix Phoenix.HTML aka phoenix_html versions prior to 3.0.4. Description: The issue allows XSS in HEEx class attributes. The class attribute was not protected against XSS attacks when using HEEx. Recommendations: For versions prior to 3.0.4,...