Vulnerabilities

CVE-2026-21618 - Cross-site scripting (XSS) in OAuth Device Authorization screen

2026-01-19 0 views admin

CVE ID : CVE-2026-21618 Published : Jan. 19, 2026, 3:15 p.m. | 50 minutes ago Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/hexpm_web/views/shared_authorization_view.ex and program routines 'Elixir.HexpmWeb.SharedAuthorizationView':render_grouped_scopes/3. This issue affects hexpm: from 617e44c71f1dd9043870205f371d375c5c4d886d before c692438684ead90c3bcbfb9ccf4e63c768c668a8, from pkg:github/hexpm/hexpm@617e44c71f1dd9043870205f371d375c5c4d886d before pkg:github/hexpm/hexpm@c692438684ead90c3bcbfb9ccf4e63c768c668a8; hex.pm: from 2025-10-01 before 2026-01-19. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-21618

Severity

HIGH

Published

Jan. 19, 2026

Affected Product: github

Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-21618highgithub

CVE-2026-21618 - Cross-site scripting (XSS) in OAuth Device Authorization screen

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1157 - Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow

CVE-2026-1159 - itsourcecode Online Frozen Foods Ordering System order_online.php sql injection

CVE-2026-1158 - Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow

CVE-2026-1007 - Devolutions Server Authorization Bypass Vulnerability

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3