Lucene search

K

Veracode Vulnerability DatabaseVERACODE:26314

HistoryAug 11, 2020 - 5:29 a.m.

Cross-Site Scripting (XSS)

2020-08-1105:29:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

42

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

prismjs is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript via the easing preview of the Previewers plugin.

CPENameOperatorVersion
prismjsle1.20.0
prismjsle1.20.0
prismjsle1.20.0
prismjseq1.16.0
prismjsle1.20.0
prismjsle1.20.0
prismjsle1.20.0
prismjseq1.16.0

References

github.com/advisories/GHSA-wvhm-4hhf-97x9

github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c

github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9

prismjs.com/plugins/previewers/#disabling-a-previewer

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

Related for VERACODE:26314

redhatcve1 osv1 debiancve1 cve1 githubexploit1 veracode1 github1 prion1 cvelist1 ubuntucve1 ibm2