3 matches found
@decentralized-identity/sidetree (>=0.10.0-unstable.2b529f0 <=1.0.1-unstable.8507092), spec-up (>=0.9.0 <=0.10.1) +2 more potentially affected by unknown CVE via markdown-it-prism (>=2.0.3 <=2.1.2)
markdown-it-prism NPM version =2.0.3, =0.10.0-unstable.2b529f0, =0.9.0, =1.1.11, =0.10.1, =0.11.1-preview.1 Source cves: unknown CVE Source advisory: SNYK:JS-MARKDOWNITPRISM-1040462...
Cross-site Scripting (XSS)
Overview markdown-it-prism is a The plugin will insert the necessary markup into all code blocks. Include one of Prism’s stylesheets in your HTML to get highlighted code. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to insert malicious JavaScript as...
Cross-site Scripting (XSS)
markdown-it-prism is vulnerable to cross-site scripting (XSS). The library does not properly escape the langToUse variable, allowing a malicious user to inject and execute arbitrary JavaScript code...