Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.7 views

SUSE CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1CVSS4.8AI score0.00471EPSS
Exploits1References11
OSV
OSV
added 2026/05/12 8:16 p.m.6 views

DEBIAN-CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1CVSS5.4AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 8:16 p.m.20 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

8.1CVSS0.00471EPSS
Exploits1References17
Debian CVE
Debian CVE
added 2026/05/12 7:43 p.m.12 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

8.1CVSS5.4AI score0.00471EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/12 7:43 p.m.8 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3CVSS5.4AI score0.00471EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 7:43 p.m.48 views

CVE-2026-42338

CVE-2026-42338 affects the ip-address JavaScript library. Prior to version 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content when embedding results in HTML, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can include ...

8.1CVSS5.4AI score0.00471EPSS
Exploits1References17Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:43 p.m.41 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3CVSS0.00471EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37267

Name of the Vulnerable Software and Affected Versions ip-address versions prior to 10.1.1 Description The software fails to HTML-escape attacker-controlled content before embedding it in HTML strings. This occurs in the Address6.group and Address6.link functions, as well as within the...

8.1CVSS5.6AI score0.00471EPSS
Exploits1References412
Rows per page
Query Builder