Submit #651884: yi-ge get-header-ip master CWE-79info

Titleyi-ge get-header-ip master CWE-79
Descriptionin file ip.php if (isset($_GET['callback'])) { echo trim($_GET['callback']) . '(' . json_encode(['ip' => $ip]) . ')'; } else { echo $ip . "\n"; } CWE: CWE-79-Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Source⚠️ https://github.com/yi-ge/get-header-ip/blob/master/ip.php#L32
User
 dev03303 (UID 85336)
Submission09/10/2025 09:08 (8 months ago)
Moderation09/25/2025 07:54 (15 days later)
StatusAccepted
VulDB entry325814 [yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 ip.php callback cross site scripting]
Points20

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!