VYPR
Medium severity6.1NVD Advisory· Published Jan 19, 2026· Updated Apr 6, 2026

CVE-2026-21618

CVE-2026-21618

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/hexpm_web/views/shared_authorization_view.ex and program routines 'Elixir.HexpmWeb.SharedAuthorizationView':render_grouped_scopes/3.

This issue affects hexpm: from 617e44c71f1dd9043870205f371d375c5c4d886d before c692438684ead90c3bcbfb9ccf4e63c768c668a8, from pkg:github/hexpm/hexpm@617e44c71f1dd9043870205f371d375c5c4d886d before pkg:github/hexpm/hexpm@c692438684ead90c3bcbfb9ccf4e63c768c668a8; hex.pm: from 2025-10-01 before 2026-01-19.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Bpsoft/Hexpm2 versions
    cpe:2.3:a:hex:hexpm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:hex:hexpm:*:*:*:*:*:*:*:*range: >=2025-10-01,<2026-01-19
    • (no CPE)range: >= 617e44c71f1dd9043870205f371d375c5c4d886d, < c692438684ead90c3bcbfb9ccf4e63c768c668a8
  • Bpsoft/Hexllm-fuzzy
    Range: >= 2025-10-01, < 2026-01-19

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.