PT-2025-10451 · Geshi+1

Hebing123 +1 · Published 2025-03-09 · Updated 2025-06-23 · CVE-2025-2123

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GeSHi versions up to 1.0.9.1

Description

A problematic issue has been found in GeSHi, affecting the get_var function of the /contrib/cssgen.php file in the CSS Handler component. Manipulation of the default-styles, keywords-1, keywords-2, keywords-3, keywords-4 or comments argument leads to cross-site scripting. The issue can be exploited remotely.

Recommendations

For GeSHi versions up to 1.0.9.1, consider disabling the get_var function in the /contrib/cssgen.php file as a temporary workaround until a patch is available. Restrict access to the CSS Handler component to minimize the risk of exploitation. Avoid using the default-styles, keywords-1, keywords-2, keywords-3, keywords-4 and comments arguments in the affected function until the issue is resolved.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00156
CVE-2025-2123
GHSA-PR6Q-G5GV-QGR7

Affected Products

Debian
Geshi