MGASA-2013-0163

Source
https://advisories.mageia.org/MGASA-2013-0163.html
Import Source
https://advisories.mageia.org/MGASA-2013-0163.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0163
Upstream
  • CVE-2012-3251
  • CVE-2012-3522
Published
2013-06-06T12:24:33Z
Modified
2026-04-16T06:22:57.666947476Z
Summary
Updated php-geshi package fixes security vulnerabilities
Details

Directory traversal and information disclosure (local file inclusion) flaws were found in the way the cssgen contrib module (an application to generate custom CSS files) of GeSHi, a generic syntax highlighter, performed sanitization of the 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote attacker could provide a specially crafted URL that, when visited, could lead to local file system traversal or, potentially, the ability to read the content of any local file accessible with the privileges of the user running the web server (CVE-2012-3251).

A cross-site scripting (XSS) flaw was found in the way the 'langwiz' example script of GeSHi, a generic syntax highlighter, performed sanitization of certain HTTP GET / POST request variables (prior to dumping their content). A remote attacker could provide a specially crafted URL that, when visited, would lead to arbitrary HTML or web script execution (CVE-2012-3522).


Affected packages

Mageia:2 / php-geshi

Package

Name
php-geshi
Purl
pkg:rpm/mageia/php-geshi?arch=source&distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.8.11-1.mga2

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2013-0163.json"