Описание
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| geshi | fixed | 1.0.8.4-2 | package |
Примечания
https://github.com/GeSHi/geshi-1.0/issues/159
Since the fix of #685324 the contrib/cssgen.php is first removed from the
bundled examples and later on replaced by a patch removing the file from
the unpacked source.
Связанные уязвимости
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
GeSHi XSS possible in the get_var function of /contrib/cssgen.php
Уязвимость функции get_var библиотеки для подсветки синтаксиса в исходном коде GeSHi, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)