Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-15138HistoryAug 07, 2020 - 5:15 p.m.
CVE-2020-15138
2020-08-0717:15:00
Debian Security Bug Tracker
security-tracker.debian.org
9
0.004 Low
EPSS
Percentile
72.5%
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-prismjs | < 1.11.0+dfsg-4 | node-prismjs_1.11.0+dfsg-4_all.deb |
| Debian | 11 | all | node-prismjs | < 1.11.0+dfsg-4 | node-prismjs_1.11.0+dfsg-4_all.deb |
| Debian | 999 | all | node-prismjs | < 1.11.0+dfsg-4 | node-prismjs_1.11.0+dfsg-4_all.deb |
| Debian | 13 | all | node-prismjs | < 1.11.0+dfsg-4 | node-prismjs_1.11.0+dfsg-4_all.deb |
Related
veracode
veracode
Cross-Site Scripting (XSS)
2020-08-11 05:29:41
Cross-Site Scripting (XSS)
2020-08-11 04:49:17
redhatcve
redhatcve
CVE-2020-15138
2020-08-10 12:14:21
osv
osv
Cross-Site Scripting in Prism
2020-08-07 22:28:30
cve
cve
CVE-2020-15138
2020-08-07 17:15:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Prismjs Previewers
2020-12-01 09:45:48
github
github
Cross-Site Scripting in Prism
2020-08-07 22:28:30
prion
prion
Cross site scripting
2020-08-07 17:15:00
cvelist
cvelist
CVE-2020-15138 Cross-Site Scripting in Prism
2020-08-07 16:30:14
ubuntucve
ubuntucve
CVE-2020-15138
2020-08-07 00:00:00
ibm
ibm