Source: geshi
Version: 1.0.9.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GeSHi/geshi-1.0/issues/159
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for geshi.

CVE-2025-2123[0]:
| A vulnerability, which was classified as problematic, has been found
| in GeSHi up to 1.0.9.1. Affected by this issue is the function
| get_var of the file /contrib/cssgen.php of the component CSS
| Handler. The manipulation of the argument default-
| styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to
| cross site scripting. The attack may be launched remotely. The
| exploit has been disclosed to the public and may be used.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2123
    https://www.cve.org/CVERecord?id=CVE-2025-2123
[1] https://github.com/GeSHi/geshi-1.0/issues/159

Regards,
Salvatore