7 matches found

RedhatCVE
added 2026/06/05 7:30 p.m. | 8 views

CVE-2026-42338

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1 CVSS | 4.9 AI score | 0.00453 EPSS
Exploits 1 | References 4
CNNVD
added 2026/05/12 12:0 a.m. | 11 views

ip-address cross-site scripting vulnerability

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

6.1 CVSS | 5.6 AI score | 0.00453 EPSS
Exploits 1 | References 1
OSV
added 2026/05/05 9:50 p.m. | 4 views

GHSA-V2V4-37R5-5V8G ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

5.3 CVSS | 5.4 AI score | 0.00453 EPSS
Exploits 1 | References 3
Github Security Blog
added 2026/05/05 9:50 p.m. | 17 views

ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

8.1 CVSS | 5.4 AI score | 0.00453 EPSS
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2026/05/05 9:50 p.m. | 11 views

NPM: ip-address has XSS in Address6 HTML-emitting methods

NPM: ip-address has XSS in Address6 HTML-emitting methods vulnerability discovered by ? in WordPress Npm ip-address versions = 10.1.0...

6.1 CVSS | 5.8 AI score | 0.00453 EPSS
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2026/03/10 7:8 p.m. | 2 views

CVE-2026-26310

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the originalsrc filter and the dns filter. This vulnerability is fixe...

5.9 CVSS | 5.8 AI score | 0.00388 EPSS
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/02/17 12:0 a.m. | 9 views

TOTOLINK A3002RU buffer error vulnerability

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V3 V3.0.0-B20220304.1804 version contains a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the staticipv6 parameter of the formIpv6Setup function, which may allow fo...

8.8 CVSS | 6.3 AI score | 0.00489 EPSS
Exploits 1 | References 1