Skip to content

XSS in HEEx class attributes

Moderate severity GitHub Reviewed Published Apr 12, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

erlang phoenix_html (Erlang)

Affected versions

< 3.0.4

Patched versions

3.0.4

Description

The class attribute was not protected against XSS attacks when using HEEx.

References

Published to the GitHub Advisory Database Apr 12, 2022
Reviewed Apr 12, 2022
Last updated Jan 11, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-j3gg-r6gp-95q2

Source code

Dependabot alerts are not supported on some or all of the ecosystems on this advisory.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.