Syntaxhighlight Geshi
Monthly
Cross-site scripting in the Wikimedia Foundation SyntaxHighlight_GeSHi MediaWiki extension allows authenticated users to inject unsanitized input via the syntax highlighting interface, with malicious script executing in victims' browsers upon page view. The flaw originates in includes/SyntaxHighlight.php and affects all versions prior to branch-specific fixes at 1.46.0, 1.45.4, 1.44.6, and 1.43.9. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality impact scoped to the vulnerable system.
Cross-site scripting in the Wikimedia Foundation SyntaxHighlight_GeSHi MediaWiki extension allows authenticated users to inject unsanitized input via the syntax highlighting interface, with malicious script executing in victims' browsers upon page view. The flaw originates in includes/SyntaxHighlight.php and affects all versions prior to branch-specific fixes at 1.46.0, 1.45.4, 1.44.6, and 1.43.9. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality impact scoped to the vulnerable system.