CVE-2025-2123

low-risk
Published 2025-03-09

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Geshi

Affected Vendors

Qbnz

References (7)

Exploit https://github.com/GeSHi/geshi-1.0/issues/159
Exploit https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694
Permissions Required https://vuldb.com/?ctiid.299036
Third Party Advisory https://vuldb.com/?id.299036
Exploit https://vuldb.com/?submit.507418
Exploit https://github.com/GeSHi/geshi-1.0/issues/159
Exploit https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal