Submit #651884: yi-ge get-header-ip master CWE-79info

Titelyi-ge get-header-ip master CWE-79
Beschreibungin file ip.php if (isset($_GET['callback'])) { echo trim($_GET['callback']) . '(' . json_encode(['ip' => $ip]) . ')'; } else { echo $ip . "\n"; } CWE: CWE-79-Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Quelle⚠️ https://github.com/yi-ge/get-header-ip/blob/master/ip.php#L32
Benutzer
 dev03303 (UID 85336)
Einreichung10.09.2025 09:08 (vor 8 Monaten)
Moderieren25.09.2025 07:54 (15 days later)
StatusAkzeptiert
VulDB Eintrag325814 [yi-ge get-header-ip bis 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 ip.php callback Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!