Lucene search

Prismjs Security Vulnerabilities

cve

CVE-2020-15138

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin ...

7.5CVSS

7.4AI Score

0.005EPSS

2020-08-07 05:15 PM

cve

CVE-2021-23341

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

7.5CVSS

7.4AI Score

0.007EPSS

2021-02-18 04:15 PM

cve

CVE-2021-32723

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been f...

7.4CVSS

6.3AI Score

0.001EPSS

2021-06-28 08:15 PM

137

cve

CVE-2021-3801

prism is vulnerable to Inefficient Regular Expression Complexity

6.5CVSS

6.4AI Score

0.001EPSS

2021-09-15 01:15 PM

cve

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into ...

7.5CVSS

6AI Score

0.001EPSS

2022-02-18 03:15 PM

202