A vulnerability was found in phoenixframework phoenix_live_view up to 1.2.6. It has been declared as problematic. Affected is the function valid_destination!/2 of the file lib/phoenix_live_view/utils.ex of the component URL Scheme Validator. Such manipulation of the argument URL leads to cross site scripting.

This vulnerability is documented as CVE-2026-58228. The attack can be executed remotely. There is not any exploit available.