Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/hexpmweb/views/sharedauthorizationview.ex and program routines 'Elixir.HexpmWeb.SharedAuthorizationView':rendergrouped_scopes/3.
This issue affects hexpm: from 617e44c71f1dd9043870205f371d375c5c4d886d before c692438684ead90c3bcbfb9ccf4e63c768c668a8, from pkg:github/hexpm/hexpm@617e44c71f1dd9043870205f371d375c5c4d886d before pkg:github/hexpm/hexpm@c692438684ead90c3bcbfb9ccf4e63c768c668a8; hex.pm: from 2025-10-01 before 2026-01-19.
{
"cna_assigner": "EEF",
"cwe_ids": [
"CWE-79"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "617e44c71f1dd9043870205f371d375c5c4d886d"
},
{
"fixed": "c692438684ead90c3bcbfb9ccf4e63c768c668a8"
},
{
"introduced": "2025-10-01"
},
{
"fixed": "2026-01-19"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"introduced": "617e44c71f1dd9043870205f371d375c5c4d886d"
},
{
"fixed": "c692438684ead90c3bcbfb9ccf4e63c768c668a8"
},
{
"introduced": "617e44c71f1dd9043870205f371d375c5c4d886d"
},
{
"introduced": "2025-10-01"
},
{
"fixed": "2026-01-19"
}
],
"source": "DESCRIPTION"
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21618.json"
}