Lucene search
Veracode Vulnerability DatabaseVERACODE:38949HistoryJan 21, 2023 - 7:52 a.m.
Cross-site Scripting (XSS)
2023-01-2107:52:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
phoenix_html
library
special characters
front end
attacker
javascript
heex class
tag.ex
vulnerability
software
EPSS
0.001
Percentile
26.1%
phoenix_html is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters before it outputs to the front end, allowing an attacker to inject and execute malicious JavaScript via HEEx class attributes in tag.ex.
Related
prion
prion
Design/Logic Flaw
2023-01-10 06:15:00
nvd
nvd
CVE-2021-46871
2023-01-10 06:15:09
github
github
phoenix_html allows Cross-site Scripting in HEEx class attributes
2023-01-10 06:30:25
osv
osv
CVE-2021-46871
2023-01-10 06:15:09
XSS in HEEx class attributes
2022-04-12 20:22:57
phoenix_html allows Cross-site Scripting in HEEx class attributes
2023-01-10 06:30:25
cve
cve
CVE-2021-46871
2023-01-10 06:15:09
cvelist
cvelist
CVE-2021-46871
2023-01-10 00:00:00