th30d4y IP DOM-Based Cross-Site Scripting Vulnerability

Vulnerability

A DOM-Based Cross-Site Scripting (XSS) vulnerability has been identified in the th30d4y/IP IP Reputation Checker application, affecting versions from 1.0.1 up to, but not including, 2.0.1. The vulnerability arises because unsanitized user input is rendered directly in the browser, which allows attackers to execute arbitrary JavaScript. This issue could lead to session hijacking, credential theft, phishing attacks, and full client-side compromise.

Impact

Exploitation of this vulnerability could result in session hijacking, credential theft, phishing attacks, and full client-side compromise.

Remediation

Users are advised to update to version 2.0.1. For those maintaining version 1.0.1, it is recommended to use safe DOM handling methods, such as 'textContent', instead of rendering raw HTML, and to validate or sanitize all user inputs.
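The remediation advice above, as an added example (not code from th30d4y/IP): an assumed raw-HTML rendering pattern next to a version that validates the input as an IP address and writes it with 'textContent'. The function names, the message strings and the restriction to dotted-quad IPv4 input are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not the project's own.

// Strict IPv4 check: exactly four decimal octets in 0-255, no leading zeros,
// and no other characters anywhere in the string.
function isValidIPv4(input) {
  if (typeof input !== 'string') return false;
  const parts = input.split('.');
  if (parts.length !== 4) return false;
  return parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Unsafe pattern, shown for contrast: the browser parses the whole string as
// HTML, so any markup in `ip` becomes live DOM.
function renderUnsafe(el, ip) {
  el.innerHTML = 'Result for ' + ip;
}

// Hardened pattern: reject anything that is not an IP address, and write the
// value through textContent so it is only ever treated as text.
function renderSafe(el, ip) {
  if (!isValidIPv4(ip)) {
    el.textContent = 'Invalid IP address';
    return false;
  }
  el.textContent = 'Result for ' + ip;
  return true;
}

// Constructed sample inputs. Plain objects stand in for DOM elements so the
// example also runs outside a browser; in a page, pass a real element such
// as the one returned by document.getElementById.
function demo() {
  const samples = ['203.0.113.7', '203.0.113.7<b>x</b>', '256.1.1.1'];
  return samples.map((ip) => {
    const el = {};
    const accepted = renderSafe(el, ip);
    return { ip, accepted, text: el.textContent };
  });
}
```

Validation and 'textContent' are independent layers: the validator keeps non-IP strings out of the lookup entirely, while 'textContent' keeps any string that does reach the page from being parsed as markup.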

Added: May 8, 2026, 9:51 PM
Updated: May 8, 2026, 9:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.2
remediation: 0.0
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.