CVE-2025-2123
Published 2025-03-09
Priority P4 · 31 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (32.5th percentile)
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | geshi | < geshi 1.0.8.4-2 (bookworm) | geshi 1.0.8.4-2 (bookworm) |
| geshi | geshi | 0 – 1.0.9.1 | — |
| qbnz | geshi | <= 1.0.9.1 | — |
| qbnz | geshi | — | — |
| qbnz | geshi | — | — |
| qbnz | geshi | >= 0 < 1.0.8.4-2 | 1.0.8.4-2 |
| qbnz | geshi | >= 0 < 1.0.8.4-2 | 1.0.8.4-2 |
| qbnz | geshi | >= 0 < 1.0.8.4-2 | 1.0.8.4-2 |
| qbnz | geshi | >= 0 < 1.0.8.4-2 | 1.0.8.4-2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | — | 5.1 | MEDIUM | — |
| vendor_debian | — | 5.1 | MEDIUM | — |
Debian
CVE-2025-2123: geshi - A vulnerability, which was classified as problematic, has been found in GeSHi up...
vendor_debian·2025·CVSS 5.1
CVE-2025-2123 [MEDIUM] CVE-2025-2123: geshi - A vulnerability, which was classified as problematic, has been found in GeSHi up...
Scope: local
bookworm: resolved (fixed in 1.0.8.4-2)
bullseye: resolved (fixed in 1.0.8.4-2)
forky: resolved (fixed in 1.0.8.4-2)
sid: resolved (fixed in 1.0.8.4-2)
trixie: resolved (fixed in 1.0.8.4-2)
OSV
CVE-2025-2123: A vulnerability, which was classified as problematic, has been found in GeSHi up to 1
osv·2025-03-09·CVSS 5.1
CVE-2025-2123 [MEDIUM] CVE-2025-2123: A vulnerability, which was classified as problematic, has been found in GeSHi up to 1
GHSA
GeSHi XSS possible in the get_var function of /contrib/cssgen.php
ghsa·2025-03-09
CVE-2025-2123 [MEDIUM] CWE-79 GeSHi XSS possible in the get_var function of /contrib/cssgen.php
OSV
GeSHi XSS possible in the get_var function of /contrib/cssgen.php
osv·2025-03-09
CVE-2025-2123 [MEDIUM] GeSHi XSS possible in the get_var function of /contrib/cssgen.php
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/GeSHi/geshi-1.0/issues/159
https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694
https://vuldb.com/?ctiid.299036
https://vuldb.com/?id.299036
https://vuldb.com/?submit.507418
Published: 2025-03-09