Lucene search
+L
PrismjsPrism

5 matches found

cve
cve
added 2022/02/18 2:50 p.m.355 views

CVE-2022-23647

Prism.js Prism (command line plugin) is vulnerable to cross-site scripting due to improper escaping when output is inserted into the DOM. Affected versions: prior to 1.27.0 (1.14.0–1.26.x). The vulnerability does not affect Prism’s server-side usage or sites not using the Command Line plugin. The...

7.5CVSS6.5AI score0.01479EPSS
cve
cve
added 2021/06/28 7:15 p.m.194 views

CVE-2021-32723

PrismJS Prism before v1.24.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when highlighting untrusted text. Specifically, ASCIIDoc and ERB are susceptible to crafted input that can cause excessive highlighting time; other languages are not affected. The vulnerability has been fix...

7.4CVSS6.5AI score0.01433EPSS
cve
cve
added 2025/03/03 12:0 a.m.143 views

CVE-2024-53382

PrismJS (Prism) 1.29.0 and earlier is vulnerable to DOM clobbering that can lead to XSS when untrusted HTML containing markup is processed, because document.currentScript can be shadowed by attacker-injected HTML elements. IBM security notes tie CVE-2024-53382 to PrismJS and document the affected...

5.4CVSS6.1AI score0.00301EPSS
cve
cve
added 2021/09/15 12:40 p.m.104 views

CVE-2021-3801

CVE-2021-3801 : Prismjs Prism vulnerable to a denial of service via inefficient regular expression complexity. A crafted input (e.g., crafted HTML comment) can trigger high CPU usage in Prism highlighting. Affected: Prismjs components relying on regex for highlighting. No exploits/vectors detaile...

7.5CVSS6.5AI score0.01045EPSS
cve
cve
added 2021/02/18 4:0 p.m.94 views

CVE-2021-23341

CVE-2021-23341 : PrismJS before 1.23.0 is vulnerable to a Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap, and prism-eiffel components. Connected advisories/tracking confirm the affected package and remediation guidance. Remediation: upgrade PrismJS to v...

7.5CVSS7.5AI score0.03167EPSS