CVE-2026-41575
DOM-Based XSS in th30d4y IP Reputation Checker
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| w4nn4d13 | ip | From 1.0.1 (inc) to 2.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41575 is a DOM-Based Cross-Site Scripting (XSS) vulnerability found in the IP Reputation Checker application, specifically in versions 1.0.1 and earlier of the npm package @w4nn4d13/ip.
The vulnerability occurs because unsanitized user input is directly rendered in the browser, allowing attackers to inject and execute arbitrary JavaScript code.
This issue was patched in version 2.0.1 by implementing safe DOM handling methods such as using textContent instead of raw HTML rendering and properly validating or sanitizing all user inputs.
How can this vulnerability impact me? :
This vulnerability can lead to severe consequences including session hijacking, credential theft, phishing attacks, and full client-side compromise.
Because attackers can execute arbitrary JavaScript in the context of the victim's browser, they can steal sensitive information or manipulate the user interface to deceive users.
The vulnerability has a moderate severity rating with a CVSS score of 6.1, indicating it is exploitable over the network with low attack complexity but requires user interaction.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this DOM-Based Cross-Site Scripting (XSS) vulnerability involves checking if the IP Reputation Checker application is rendering unsanitized user input directly in the browser. Since this is a client-side issue, network detection might be limited.
One approach is to test the application by injecting typical XSS payloads into input fields or URL parameters and observing if the payload executes in the browser.
For example, you can use browser developer tools or automated scanners to input scripts such as <script>alert('XSS')</script> or variations thereof.
There are no specific commands provided in the resources, but common methods include using tools like curl or wget to send crafted requests and then manually inspecting the rendered output in a browser.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the IP Reputation Checker application to version 2.0.1 or later, where the vulnerability has been patched.
The patch includes implementing safe DOM handling methods such as using textContent instead of raw HTML rendering and properly validating or sanitizing all user inputs.
Until the upgrade is applied, avoid using or exposing vulnerable versions to untrusted users and consider applying input validation or sanitization at the application level if possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The DOM-Based Cross-Site Scripting (XSS) vulnerability in the IP Reputation Checker application allows attackers to execute arbitrary JavaScript, which can lead to session hijacking, credential theft, phishing attacks, and full client-side compromise.
Such security issues can impact compliance with common standards and regulations like GDPR and HIPAA because they may result in unauthorized access to personal or sensitive data, potentially leading to data breaches.
Failure to properly sanitize user input and prevent XSS attacks could be seen as inadequate protection of data confidentiality and integrity, which are key requirements under these regulations.