Moderate severityNVD Advisory· Published Mar 9, 2025· Updated Mar 10, 2025
GeSHi CSS cssgen.php get_var cross site scripting
CVE-2025-2123
Description
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
geshi/geshiPackagist | <= 1.0.9.1 | — |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/GeSHi/geshi-1.0/issues/159mitreexploitissue-tracking
- github.com/advisories/GHSA-pr6q-g5gv-qgr7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-2123ghsaADVISORY
- vuldb.comghsathird-party-advisoryWEB
- github.com/GeSHi/geshi-1.0/issues/159ghsaissue-trackingWEB
- vuldb.comghsasignaturepermissions-requiredWEB
- vuldb.comghsavdb-entrytechnical-descriptionWEB
News mentions
0No linked articles in our index yet.