Moderate severityNVD Advisory· Published Jan 10, 2023· Updated Apr 9, 2025
CVE-2021-46871
CVE-2021-46871
Description
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phoenix_htmlnpm | < 3.0.4 | 3.0.4 |
phoenix_htmlHex | < 3.0.4 | 3.0.4 |
Affected products
3- Phoenix/Phoenix.HTMLdescription
- ghsa-coords2 versions
< 3.0.4+ 1 more
- (no CPE)range: < 3.0.4
- (no CPE)range: < 3.0.4
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.