CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS: 0.004 Low
Percentile: 72.3%

Prism is vulnerable to Cross-Site Scripting. The easing preview of the
Previewers plugin has an XSS vulnerability that allows attackers to execute
arbitrary code in Safari and Internet Explorer. This impacts all Safari and
Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin
(>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This
problem is fixed in version 1.21.0. To work around the issue without
upgrading, disable the easing preview on all impacted code blocks. You need
Prism v1.10.0 or newer to apply this workaround.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | node-prismjs | < any | UNKNOWN |
github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c
github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
launchpad.net/bugs/cve/CVE-2020-15138
nvd.nist.gov/vuln/detail/CVE-2020-15138
prismjs.com/plugins/previewers/#disabling-a-previewer
security-tracker.debian.org/tracker/CVE-2020-15138
www.cve.org/CVERecord?id=CVE-2020-15138