5 matches found
@blackbaud/skyux-lib-code-block (>=2.0.0-rc.2 <=4.0.0), @branchbob/aton (=0.1.5) +52 more potentially affected by CVE-2020-15138 via prismjs (=1.20.0)
prismjs NPM version =1.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on prismjs and may be impacted: - @blackbaud/skyux-lib-code-block =2.0.0-rc.2, =0.1.0, =0.3.0, =0.1.0, =2.5.1-canary.2, =0.0.0-canary-0d962cfee89535eb8a5e91631f82f4b97dd6d1e6,...
CVE-2020-15138
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism =v1.1.0 that use the Previewers plugin...
CVE-2020-15138
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism =v1.1.0 that use the Previewers plugin...
CVE-2020-15138 Cross-Site Scripting in Prism
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism =v1.1.0 that use the Previewers plugin...
CVE-2020-15138
CVE-2020-15138: Prism.js contains an XSS via the Previewers/Easing previews in Prism >=1.1.0 with Previewers plugin (>=1.10.0) or Previewer: Easing (1.1.0–1.9.0). The issue is fixed in Prism 1.21.0. A workaround is to disable easing preview on impacted code blocks if upgrading is not feasib...