How CVE-2025-2123 Works
The vulnerability in GeSHi (up to v1.0.9.1) resides in the `get_var` function within `/contrib/cssgen.php`. Improper sanitization of user-supplied input in the `default-styles`, `keywords-1`, `keywords-2`, `keywords-3`, `keywords-4`, and `comments` parameters allows attackers to inject malicious JavaScript. Since the component processes CSS-related inputs without adequate validation, stored XSS payloads execute when a victim views the manipulated content. The attack is remotely exploitable with low privileges, requiring only user interaction (e.g., viewing a crafted page).
DailyCVE Form
Platform: GeSHi
Version: ≤1.0.9.1
Vulnerability: Stored XSS
Severity: Medium
Date: 2025-03-09
Prediction: Patch by 2025-09-30
What Undercode Say
```
grep -r "get_var" /contrib/cssgen.php
curl -X POST -d "keywords-1=<script>alert(1)</script>" http://target/cssgen.php
```
How the Exploit Works
1. Attacker submits malicious CSS parameters.
2. Payload stored in server-generated CSS.
3. Victim loads page, triggering XSS.
Protection from this CVE
- Input sanitization.
- Output encoding.
- Update to patched version.
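The first two protections combined, as an added example that is not GeSHi's own code: an allow-list check on the style parameters named above, plus HTML encoding at output. The helper names `safe_css_var` and `html_out`, the character allow-list and the 200-character limit are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical hardened handling of the style parameters.
// Not GeSHi's code; function names and the allow-list are assumptions.

// Parameters named in the advisory text.
const STYLE_PARAMS = ['default-styles', 'keywords-1', 'keywords-2',
                      'keywords-3', 'keywords-4', 'comments'];

/**
 * Return the parameter only if it looks like plain CSS declarations
 * (e.g. "color: #00f; font-weight: bold;"); otherwise return null.
 */
function safe_css_var(array $request, string $name): ?string
{
    if (!in_array($name, STYLE_PARAMS, true) || !isset($request[$name])
        || !is_string($request[$name])) {
        return null;
    }
    $value = trim($request[$name]);
    // Allow-list: letters, digits, spaces and the punctuation that plain
    // declarations need. No <, >, quotes, backslashes, parentheses or braces.
    if (strlen($value) > 200 || !preg_match('/^[a-zA-Z0-9 #:;,.%\-]*$/', $value)) {
        return null;
    }
    return $value;
}

/** Encode a value for an HTML context (form field value, preview block). */
function html_out(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: one benign value, one carrying markup.
$request = [
    'keywords-1' => 'color: #00f; font-weight: bold;',
    'keywords-2' => '<script>alert(1)</script>',
];

foreach (['keywords-1', 'keywords-2'] as $p) {
    $clean = safe_css_var($request, $p);
    printf("%s => %s\n", $p, $clean === null ? 'rejected' : html_out($clean));
}
```

The allow-list is deliberately conservative: it also rejects legitimate values that need parentheses, such as `rgb()` colors, so widen it only with a matching validation rule.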
Impact
- Session hijacking.
- Defacement.
- Data theft.
Sources:
Reported By: nvd.nist.gov