5 matches found
CVE-2022-23647
Prism.js Prism (command line plugin) is vulnerable to cross-site scripting due to improper escaping when output is inserted into the DOM. Affected versions: prior to 1.27.0 (1.14.0–1.26.x). The vulnerability does not affect Prism’s server-side usage or sites not using the Command Line plugin. The...
CVE-2021-32723
PrismJS Prism before v1.24.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when highlighting untrusted text. Specifically, ASCIIDoc and ERB are susceptible to crafted input that can cause excessive highlighting time; other languages are not affected. The vulnerability has been fix...
CVE-2024-53382
PrismJS (Prism) 1.29.0 and earlier is vulnerable to DOM clobbering that can lead to XSS when untrusted HTML containing markup is processed, because document.currentScript can be shadowed by attacker-injected HTML elements. IBM security notes tie CVE-2024-53382 to PrismJS and document the affected...
CVE-2021-3801
CVE-2021-3801 : Prismjs Prism vulnerable to a denial of service via inefficient regular expression complexity. A crafted input (e.g., crafted HTML comment) can trigger high CPU usage in Prism highlighting. Affected: Prismjs components relying on regex for highlighting. No exploits/vectors detaile...
CVE-2021-23341
CVE-2021-23341 : PrismJS before 1.23.0 is vulnerable to a Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap, and prism-eiffel components. Connected advisories/tracking confirm the affected package and remediation guidance. Remediation: upgrade PrismJS to v...