216.73.216.133

CVE-2026-21618

· Published 19/01/2026 15:15 · Modified 19/01/2026 15:15

Labels: CVE-2026-21618 2026-01-196b3ad84c-e1a6-4bf7-a703-f496b71e49dbCVE-2026-21618CWE-79

Essential information

Published
19/01/2026 15:15
Modified
19/01/2026 15:15
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/hexpm_web/views/shared_authorization_view.ex and program routines 'Elixir.HexpmWeb.SharedAuthorizationView':render_grouped_scopes/3. This issue affects hexpm: from 617e44c71f1dd9043870205f371d375c5c4d886d before c692438684ead90c3bcbfb9ccf4e63c768c668a8, from pkg:github/hexpm/hexpm@617e44c71f1dd9043870205f371d375c5c4d886d before pkg:github/hexpm/hexpm@c692438684ead90c3bcbfb9ccf4e63c768c668a8; hex.pm: from 2025-10-01 before 2026-01-19.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
6b3ad84c-e1a6-4bf7-a703-f496b71e49db
NVD
View on NVD

Affected products (CPE)

ProductCPE
hexpm / hexpm cpe:2.3:a:hexpm:hexpm:<617e44c71f1dd9043870205f371d375c5c4d886d-c692438684ead90c3bcbfb9ccf4e63c768c668a8:*:*:*:*:*:*:*

References