CVE-2026-41575
th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
th30d4y · IP¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →