Описание
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, has been found i ...
GeSHi XSS possible in the get_var function of /contrib/cssgen.php
Уязвимость функции get_var библиотеки для подсветки синтаксиса в исходном коде GeSHi, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
EPSS
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2