CVE-2026-42338

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

ip-address 跨站脚本漏洞

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

GHSA-V2V4-37R5-5V8G ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...