Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceGHSA-5g2h-9x5v-5h3x

GHSA-5g2h-9x5v-5h3x

MEDIUM6.1

phoenix_html allows Cross-site Scripting in HEEx class attributes

Published Jan 10, 2023

Modified 9 months ago

Fix available

Details

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes

Affected Packages

phoenix_html

Hexnpm

Fixed in:

3.0.4

References

ADVISORYhttps://github.com/advisories/GHSA-5g2h-9x5v-5h3x ADVISORYhttps://github.com/advisories/GHSA-j3gg-r6gp-95q2 WEBhttps://github.com/phoenixframework/phoenix_html WEBhttps://github.com/phoenixframework/phoenix_html/commit/62a0139fb716bcdce697f6221244bd81d321d620 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-46871

Aliases

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

ChangedS:C

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Related

Ecosystems

Timeline

PublishedJan 10, 2023

ModifiedApr 9, 2025

GHSA-5g2h-9x5v-5h3x | Mondoo Vulnerability Intelligence