PT-2025-39366 · Ip.Php+1 · Php-Mip+1
Dev03303 · Published 2025-09-25 · Updated 2025-09-25 · CVE-2025-10944
CVSS v2.0: 4.0 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
yi-ge get-header-ip versions prior to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15
Description
A cross-site scripting issue exists due to manipulation of the callback argument within the ip function of the ip.php file. This allows for remote attacks. The product uses a rolling release model, and specific version information for affected or updated releases is not available.
Recommendations
Update to a version prior to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15.
As a temporary workaround, consider restricting the use of the ip function in the ip.php file until a suitable update is available.
Avoid using the callback argument in the ip function.
Fix
XSS
Code Injection
Related Identifiers
Affected Products
Php-Mip
Yi-Ge