CVE-2020-15138
Summary
| CVE | CVE-2020-15138 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-07 17:15:00 UTC |
| Updated | 2020-08-28 17:06:00 UTC |
| Description | Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| XSS vulnerability in the Previewers plugin · Advisory · PrismJS/prism · GitHub | CONFIRM | github.com | Third Party Advisory |
| Previewers ▲ Prism plugins | MISC | prismjs.com | Vendor Advisory |
| Previewers: Fixed XSS by RunDevelopment · Pull Request #2506 · PrismJS/prism · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180644 Debian Security Update for node-prismjs (CVE-2020-15138)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)