CVE-2025-2123
- Source
- https://cve.org/CVERecord?id=CVE-2025-2123
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2123.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-2123
- Aliases
- Downstream
- Published
- 2025-03-09T15:00:12.269Z
- Modified
- 2026-05-28T03:55:03.083394950Z
- Severity
-
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- GeSHi CSS cssgen.php get_var cross site scripting
- Details
-
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2123.json", "cwe_ids": [ "CWE-79", "CWE-94" ], "cna_assigner": "VulDB" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2123.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-2123
- https://vuldb.com/?id.299036
- https://vuldb.com/?submit.507418
- https://github.com/GeSHi/geshi-1.0/issues/159
- https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694
- https://vuldb.com/?ctiid.299036
Affected packages
Git / github.com/geshi/geshi-1.0
Affected ranges
- Type
- GIT
- Repo
- https://github.com/geshi/geshi-1.0
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.0.9.0" }, { "last_affected": "1.0.9.1" } ], "source": "AFFECTED_FIELD" }
Affected versions
Other
RELEASE_1_0_6
RELEASE_1_0_7
RELEASE_1_0_7_1
RELEASE_1_0_7_10
RELEASE_1_0_7_11
RELEASE_1_0_7_12
RELEASE_1_0_7_14
RELEASE_1_0_7_15
RELEASE_1_0_7_16
RELEASE_1_0_7_2
RELEASE_1_0_7_3
RELEASE_1_0_7_4
RELEASE_1_0_7_5
RELEASE_1_0_7_6
RELEASE_1_0_7_7
RELEASE_1_0_7_8
RELEASE_1_0_7_9
RELEASE_1_0_8_12
Root_RELEASE_1_0_7_STABLE
v1.*
v1.0.6
v1.0.7
v1.0.7.1
v1.0.7.10
v1.0.7.11
v1.0.7.12
v1.0.7.14
v1.0.7.15
v1.0.7.16
v1.0.7.2
v1.0.7.3
v1.0.7.4
v1.0.7.5
v1.0.7.6
v1.0.7.7
v1.0.7.8
v1.0.7.9
v1.0.8.12
v1.0.8.13
v1.0.9.0
v1.0.9.1