ROOT-APP-NPM-CVE-2024-53382 CVE-2024-53382 in @rootio/prismjs - Patched by Root
Root has patched CVE-2024-53382 in the @rootio/prismjs package for Root:npm. Multiple fixed versions available...
Security Bulletin: There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-32723)
Summary There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2021-32723 DESCRIPTION: Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of...
Malicious Package
Overview prismjs-editor-v1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2021-0662
Malware in sbrugna...
EUVD-2024-53973
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-23341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel...
Security Bulletin: Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering which affects IBM watsonx.data
Summary Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements. These can affect watsonx.data. Vulnerability...
Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382. This bulletin contains information regarding the vulnerability and its fixture.
Summary IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is ...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2024-53382]
Summary IBM Security SOAR uses an older version of prismjs that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.6.0. Vulnerability Details CVEID:CVE-2024-53382...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382.
Summary IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DO...
DOM Clobbering
PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, potentially leading to Cross-Site Scripting (XSS)...
CVE-2024-53382
A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses document.currentScript as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site...
10xanswers (>=1.0.0 <=1.1.16), 24social-ui (>=1.0.0 <=1.0.1) +8200 more potentially affected by CVE-2024-53382 via prismjs (>=0.0.1 <=1.2.0)
prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =0.1.13, =0.3.0, =0.3.0, =0.5.0, =1.0.0, =0.1.0, =0.1.2, =1.0.0, =1.0.23, =1.0.1, =1.0.0, =1.0.3, =1.0.0, =2.0.0-beta.0 and more Source cves: CVE-2024-53382 Source advisory: OSV:GHSA-X7HR-W5R2-H6WG...
GHSA-X7HR-W5R2-H6WG PrismJS DOM Clobbering vulnerability
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
PrismJS DOM Clobbering vulnerability
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
DEBIAN-CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
UBUNTU-CVE-2024-53382
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
Arbitrary Code Injection
Overview org.webjars.npm:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended action...