XSS in Phoenixframework Phoenix_live_view

CVE-2026-58228

Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.valid_destination!/2 and Phoenix…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References