CVE-2026-41575

MEDIUM

th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-41575. PoCs published by krrazee.

AI-analyzed exploit summary: The repository contains only a README and SECURITY.md file with no exploit code or technical details. It lacks any functional PoC, analysis, or vulnerability specifics.

Description

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1.

Exploits (1)

github STUB
by krrazee · poc
https://github.com/krrazee/CVE-2026-41575

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed May 17, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0018
EPSS Percentile: 7.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79, CWE-80
Status: published
Products (2)
th30d4y/IP >= 1.0.1, < 2.0.1
th30d4y/w4nn4d13/ip 1.0.1 - 2.0.1
Published: May 08, 2026
Tracked Since: May 08, 2026