Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-23647HistoryFeb 18, 2022 - 3:15 p.m.
CVE-2022-23647
2022-02-1815:15:07
Debian Security Bug Tracker
security-tracker.debian.org
26
0.001 Low
EPSS
Percentile
30.5%
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism’s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-prismjs | < 1.27.0+dfsg+~1.26.0-1 | node-prismjs_1.27.0+dfsg+~1.26.0-1_all.deb |
| Debian | 11 | all | node-prismjs | < 1.23.0+dfsg-1+deb11u2 | node-prismjs_1.23.0+dfsg-1+deb11u2_all.deb |
| Debian | 999 | all | node-prismjs | < 1.27.0+dfsg+~1.26.0-1 | node-prismjs_1.27.0+dfsg+~1.26.0-1_all.deb |
| Debian | 13 | all | node-prismjs | < 1.27.0+dfsg+~1.26.0-1 | node-prismjs_1.27.0+dfsg+~1.26.0-1_all.deb |
Related
prion
prion
Cross site scripting
2022-02-18 15:15:00
cvelist
cvelist
CVE-2022-23647 Cross-site Scripting in Prism
2022-02-18 14:50:10
ibm
ibm
veracode
veracode
Cross-site Scripting (XSS)
2022-02-22 02:08:43
osv
osv
CVE-2022-23647
2022-02-18 15:15:07
Cross-site Scripting in Prism
2022-02-22 19:32:18
ubuntucve
ubuntucve
CVE-2022-23647
2022-02-18 00:00:00
redhatcve
redhatcve
CVE-2022-23647
2022-02-21 17:36:31
github
github
Cross-site Scripting in Prism
2022-02-22 19:32:18
cve
cve
CVE-2022-23647
2022-02-18 15:15:07
redhat
redhat