[Pkg-mediawiki-devel] Bug#685323: Non-persistent XSS vulnerability in contrib script

Benny Baumann BenBE at geshi.org
Sun Aug 19 16:53:28 UTC 2012

Package: php-geshi
Severity: serious
Tags: security upstream

GeSHi closes non-persistent XSS vulnerability in a contrib script provided in
the GeSHi distribution. The vulnerability can be triggered by an attacker using a
specially crafted URL when calling a vulnerable version of the script.

Please upgrade the php-geshi package to the latest upstream version which fixes this issue.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php-geshi depends on:
ii  php5      5.4.4-4
ii  php5-cli  5.4.4-4

php-geshi recommends no packages.

php-geshi suggests no packages.

-- no debconf information

More information about the Pkg-mediawiki-devel mailing list