XSS in Phoenixframework Phoenix_live_view
CVE-2026-58228
Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.valid_destination!/2 and Phoenix…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Phoenixframework Phoenix_live_view — versions 1.2.2, 4b63216ae68886db99cf7772af23372d76c40e7e
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)