CVE-2012-3522Cross-site Scripting in Geshi

CWE-79Cross-site Scripting7 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 44.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GeshiQbnz GeshiDebian Geshi
Timeline
PublishedJun 13
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Packagistgeshi/geshi< 1.0.8.11
Ubuntuqbnz/geshi< 1.0.8.11-2+1
NVDqbnz/geshi1.0.8.10+6
debiandebian/geshi

Patches

Patch: sourceforge.netPatch: sourceforge.net

🔴Vulnerability Details

3
OSV
GeSHi vulnerable to Cross-site Scripting2022-05-17
GHSA
GeSHi vulnerable to Cross-site Scripting2022-05-17
OSV
CVE-2012-3522: Cross-site scripting (XSS) vulnerability in contrib/langwiz2014-06-13

📋Vendor Advisories

1
Debian
CVE-2012-3522: geshi - Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before ...2012

💬Community

2
Bugzilla
CVE-2012-3521 CVE-2012-3522 php-geshi: Various flaws [fedora-all]2012-08-21
Bugzilla
CVE-2012-3522 php-geshi: Non-persistent XSS in langwiz contrib script2012-08-21