A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
{ "nvd_published_at": "2025-03-09T15:15:36Z", "severity": "MODERATE", "github_reviewed_at": "2025-06-23T22:42:17Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }