Security: yippee-fun/phlex
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Phlex XSS protection bypass via attribute splatting, dynamic tags, and href valuesGHSA-w67g-2h6v-vjgq published
Feb 6, 2026 by joeldrapperHigh -
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in PhlexGHSA-9p57-h987-4vgx published
Apr 29, 2024 by joeldrapperHigh -
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tagsGHSA-g7xq-xv8c-h98c published
Apr 17, 2024 by joeldrapperHigh -
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in PhlexGHSA-242p-4v39-2v8g published
Mar 11, 2024 by joeldrapperHigh