Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been patched in version 2.0.1.
AnalysisAI
DOM-based cross-site scripting (XSS) in th30d4y/IP versions 1.0.1 through 2.0.0 allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting malicious input to the IP Reputation Checker application. The vulnerability requires user interaction (clicking a malicious link) but affects all users of vulnerable versions. Vendor-released patch: version 2.0.1.
Technical ContextAI
The IP Reputation Checker application fails to sanitize user input before rendering it in the browser's DOM (Document Object Model), creating a DOM-based XSS vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). Unlike reflected or stored XSS, DOM-based XSS occurs entirely on the client side when JavaScript code directly manipulates the DOM without proper encoding of untrusted data. The vulnerability is introduced when user-supplied values (likely IP addresses or query parameters) are dynamically inserted into HTML or JavaScript contexts without proper escaping or HTML encoding.
RemediationAI
Upgrade th30d4y/IP to version 2.0.1 or later immediately. This patched version includes input sanitization to prevent DOM-based XSS. Users unable to upgrade immediately should implement Content Security Policy (CSP) headers restricting script execution to trusted sources only, and configure X-XSS-Protection headers as a secondary control (noting that CSP is the modern standard). Additionally, restrict access to the application to authenticated users and trusted networks if operationally feasible, though this does not eliminate the vulnerability for legitimate users who click malicious links. Review application logs for evidence of XSS payloads in query parameters or form submissions and revoke any user sessions that may have been compromised. The advisory is available at https://github.com/th30d4y/IP/security/advisories/GHSA-j7wv-7j97-9qh9.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28651