18 matches found
DEBIAN-CVE-2026-42338
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
CVE-2026-42338
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
CVE-2026-42338
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
CVE-2026-42338
The CVE concerns the ip-address JavaScript library. Prior to version 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding into HTML strings, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain un...
Cross-site Scripting (XSS)
Overview: ip-address is a library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...
PT-2026-37267
Name of the Vulnerable Software and Affected Versions: ip-address versions prior to 10.1.1 Description: The software fails to HTML-escape attacker-controlled content before embedding it in HTML strings. This occurs in the Address6.group and Address6.link functions, as well as within the...
EUVD-2025-17566
Malicious code in bioql PyPI...
CVE-2025-5892
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...
CVE-2025-5892
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...
CVE-2025-5892 RocketChat parseMessage.js parseMessage redos
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...
CVE-2025-5892
CVE-2025-5892 affects Rocket.Chat up to 7.6.1. The issue is in the parseMessage function of parseMessage.js, where manipulation of the line argument causes inefficient regular expression complexity, enabling a potential remote attack. Public exploit information is present in the sources. Remediatio...
CVE-2025-5892 RocketChat parseMessage.js parseMessage redos
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...
PT-2025-24553 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: RocketChat versions up to 7.6.1 Description: A problematic issue has been found in RocketChat, affecting the parseMessage function of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the line argument...
AwesomestCode LiveBot cross-site scripting vulnerability
LiveBot is a program built using Electron and discord.js by the individual developer Raymond Xu. A cross-site scripting vulnerability exists in AwesomestCode LiveBot, which stems from the function parseSend in the file js/parseMessage.js that results in cross-site scripting...
PT-2024-10837 · Unknown · Awesomestcode Livebot
Name of the Vulnerable Software and Affected Versions: AwesomestCode LiveBot affected versions not specified Description: A vulnerability was found in AwesomestCode LiveBot, classified as problematic, affecting the function parseSend of the file js/parseMessage.js. This leads to cross-site...
PT-2022-12396 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libiec61850 version 1.5.0 Description: A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c can lead to a segmentation fault or application crash. Recommendations: For libiec61850 version 1.5.0, consider applyi...