CVE-2020-15138 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-15138 PUBLISHED

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

EPSS 0.86% · 75.0th percentile

Risk Scores

EPSS Score

0.86%

75.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	node-prismjs	0, 1.11.0+dfsg-2, 1.11.0+dfsg-3

Timeline

Aug 7, 2020 CVE Published
Aug 28, 2020 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-15138 third-party-advisory
https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c third-party-advisory
https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9 third-party-advisory
https://prismjs.com/plugins/previewers/#disabling-a-previewer third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-15138 third-party-advisory

Open in Interactive Console →