Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00471EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.6 views

SUSE CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1CVSS4.8AI score0.00471EPSS
Exploits1References7
NVD
NVD
added 2026/05/12 8:16 p.m.20 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

8.1CVSS0.00471EPSS
Exploits1References15
OSV
OSV
added 2026/05/12 8:16 p.m.6 views

DEBIAN-CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1CVSS5.4AI score0.00471EPSS
Exploits1References1
OSV
OSV
added 2026/05/12 8:16 p.m.5 views

UBUNTU-CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

8.1CVSS5.4AI score0.00471EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:43 p.m.7 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3CVSS5.4AI score0.00471EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 7:43 p.m.8 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3CVSS5.4AI score0.00471EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 7:43 p.m.37 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3CVSS0.00471EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 7:43 p.m.47 views

CVE-2026-42338

CVE-2026-42338 affects the ip-address JavaScript library. Prior to version 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content when embedding results in HTML, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can include ...

8.1CVSS5.4AI score0.00471EPSS
Exploits1References15Affected Software1
Debian CVE
Debian CVE
added 2026/05/12 7:43 p.m.12 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

8.1CVSS5.4AI score0.00471EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37267

Name of the Vulnerable Software and Affected Versions ip-address versions prior to 10.1.1 Description The software fails to HTML-escape attacker-controlled content before embedding it in HTML strings. This occurs in the Address6.group and Address6.link functions, as well as within the...

8.1CVSS5.6AI score0.00471EPSS
Exploits1References397
Rows per page
Query Builder