CVE-2026-41575— th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability

th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

IP 跨站脚本漏洞

IP是th30d4y开源的一个IP地址查询与展示工具。 IP 1.0.1版本至2.0.1之前版本存在跨站脚本漏洞，该漏洞源于未对用户输入进行清理，可能导致基于DOM的跨站脚本攻击。

N/A

N/A