| Title | GeSHi ≤1.0.9.1 Cross Site Scripting |
|---|
| Description | # Summary
A Cross-Site Scripting (XSS) vulnerability exists in the cssgen.php file of GeSHi version x.x.x.x and earlier. It allows attackers to inject malicious HTML code into the output of /contrib/cssgen.php, which is executed when a user views the affected page.
# Details
This vulnerability may impact all systems that use Composer to install the GeSHi library and have not removed the contrib directory, including but not limited to:
```
Dokuwiki
Mambo
phpBB
WikkaWiki
```
Systems using Composer to install GeSHi can be identified via [GitHub search](https://github.com/search?q=%22geshi%2Fgeshi%22%3A&type=code).
The cssgen.php file uses the `get_var` function to retrieve user input parameters but fails to properly sanitize or escape the input.
# POC
```
http(s)://target-ip/geshi-x.x.x.x/contrib/cssgen.php?step=3&default-styles=%3Cscript%3Ealert(document.cookie)%3C/script%3E&keywords-1=%3Cscript%3Ealert(document.cookie)%3C/script%3E&comments=%3Cscript%3Ealert(document.cookie)%3C/script%3E&escaped-chars=%3Cscript%3Ealert(document.cookie)%3C/script%3E
``` |
|---|
| Source | ⚠️ https://github.com/GeSHi/geshi-1.0/issues/159 |
|---|
| User | jiashenghe (UID 39445) |
|---|
| Submission | 02/26/2025 07:42 (1 Year ago) |
|---|
| Moderation | 03/08/2025 15:27 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 299036 [GeSHi up to 1.0.9.1 CSS /contrib/cssgen.php get_var cross site scripting] |
|---|
| Points | 20 |
|---|
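
A detection check for the request pattern shown in the POC, added here as an example and not part of the original submission or of GeSHi: it scans web-server access logs for requests to `/contrib/cssgen.php` whose decoded query parameters contain angle brackets. The combined log format, the sample log lines and the function name `find_cssgen_probes` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); addresses and paths are made up.
PAYLOAD = "%3Cscript%3Ealert(document.cookie)%3C/script%3E"  # value taken from the POC URL
SAMPLE_LOG = "\n".join([
    f'198.51.100.7 - - [10/Mar/2025:09:14:02 +0000] "GET /vendor/geshi/geshi/contrib/cssgen.php?step=3&comments={PAYLOAD} HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2025:09:14:09 +0000] "GET /vendor/geshi/geshi/contrib/cssgen.php?step=2&keywords-1=color%3A%20%23b1b100%3B HTTP/1.1" 200 4871',
    f'203.0.113.20 - - [10/Mar/2025:09:15:30 +0000] "GET /lib/geshi/contrib/cssgen.php?step=3&default-styles={PAYLOAD}&keywords-1={PAYLOAD} HTTP/1.1" 200 5033',
    '203.0.113.20 - - [10/Mar/2025:09:16:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 812',
])

# client address, request target and status code from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Narrow heuristic: legitimate cssgen.php values are CSS declarations, which
# have no reason to contain angle brackets.
MARKUP_RE = re.compile(r"[<>]")


def find_cssgen_probes(log_text):
    """Return (client, status, param, decoded_value) for every cssgen.php
    query parameter whose decoded value contains '<' or '>'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/contrib/cssgen.php"):
            continue
        # parse_qsl percent-decodes once, the same view PHP exposes in $_GET.
        # Parameters sent in a POST body do not appear in access logs.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if MARKUP_RE.search(value):
                hits.append((client, int(status), name, value))
    return hits


if __name__ == "__main__":
    for client, status, name, value in find_cssgen_probes(SAMPLE_LOG):
        print(f"{client} status={status} param={name} value={value!r}")
```

Any hit on a production host also means `contrib/cssgen.php` is reachable from the web, so the contrib directory named in the Details section has not been removed.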