Moderate severityNVD Advisory· Published Jun 13, 2014· Updated May 6, 2026
CVE-2012-3522
CVE-2012-3522
Description
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
geshi/geshiPackagist | < 1.0.8.11 | 1.0.8.11 |
Affected products
7cpe:2.3:a:qbnz:geshi:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:qbnz:geshi:*:*:*:*:*:*:*:*range: <=1.0.8.10
- cpe:2.3:a:qbnz:geshi:1.0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- sourceforge.net/p/geshi/code/2508/nvdExploitPatch
- github.com/advisories/GHSA-f3f3-5q5j-6v47ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-3522ghsaADVISORY
- sourceforge.net/p/geshi/code/2508ghsaWEB
- www.openwall.com/lists/oss-security/2012/08/21/11nvdWEB
- lists.fedorahosted.org/archives/list/package-announce@lists.fedoraproject.org/message/AE33KOZ42XXG6DSH5SNGOTC3NS7FWZ2IghsaWEB
- lists.fedorahosted.org/archives/list/package-announce@lists.fedoraproject.org/message/H2R65LEAIDK6I53IYGZWDCRETBYKNUKFghsaWEB
- lists.fedorahosted.org/archives/list/package-announce@lists.fedoraproject.org/message/JA5TA3T7AJXWM4QMI62LMGW62WZUULGBghsaWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.htmlnvd
News mentions
0No linked articles in our index yet.