Debian Geshi vulnerabilities
5 known vulnerabilities affecting debian/geshi.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 3, LOW 2
Vulnerabilities
CVE-2025-2123 | MEDIUM | CVSS 5.1 | fixed in geshi 1.0.8.4-2 (bookworm) | 2025
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely.
debian
CVE-2012-3521 | MEDIUM | CVSS 5.0 | fixed in geshi 1.0.8.4-2 (bookworm) | 2012
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
Scope: local
bookworm: resolved (fixed in 1.0.8.4-2)
bullseye: resolved (fixed in 1.0.8.4-2)
forky: resolved (fixed in 1.0.8.4-2)
sid: resolved (fixe
debian
CVE-2012-3522 | LOW | CVSS 4.3 | 2012
CVE-2012-3522 [MEDIUM] CVE-2012-3522: geshi - Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before ...
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-5185 | MEDIUM | CVSS 5.0 | PoC | fixed in geshi 1.0.8.1-1 (bookworm) | 2008
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
Scope: local
bookworm: resolved (fixed in 1.0.8.1-1)
bullseye: resolved (fixed in 1.0.8.1-1)
forky: resolved (fixed in 1.0.8.1-
debian
CVE-2008-5186 | LOW | CVSS 7.5 | fixed in dokuwiki 0.0.20080505-3.1 (bookworm) | 2008
CVE-2008-5186 [HIGH] CVE-2008-5186: dokuwiki - The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi...
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi.
debian