← voltar
CVE-2025-10944

yi-ge get-header-ip ip.php cross site scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79CWE-94
A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
Produtos afetados
yi-ge · get-header-ip

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/yi-ge/get-header-ip/blob/master/ip.php#L32https://vuldb.com/?ctiid.325814https://vuldb.com/?id.325814https://vuldb.com/?submit.651884