Prism Security Vulnerabilities and Issues — Prism CVE List

Lucene search

PrismjsPrism

5 matches found

CVE•added 2022/02/18 3:15 p.m.•267 views

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into ...

7.5CVSS6.5AI score0.00065EPSS

CVE•added 2021/06/28 8:15 p.m.•159 views

CVE-2021-32723

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been f...

7.4CVSS6.5AI score0.00373EPSS

CVE•added 2020/08/07 5:15 p.m.•85 views

CVE-2020-15138

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin ...

7.5CVSS7.2AI score0.00591EPSS

CVE•added 2021/09/15 1:15 p.m.•77 views

CVE-2021-3801

prism is vulnerable to Inefficient Regular Expression Complexity

7.5CVSS6.5AI score0.00282EPSS

CVE•added 2021/02/18 4:15 p.m.•73 views

CVE-2021-23341

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

7.5CVSS7.5AI score0.01762EPSS