CVE-2020-15138

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15138
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15138.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15138
Aliases
Downstream
Related
Published
2020-08-07T17:15:10.450Z
Modified
2025-11-14T10:50:08.881132Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
Summary
[none]
Details

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

References

Affected packages

Git / github.com/prismjs/prism

Affected ranges

Type
GIT
Repo
https://github.com/prismjs/prism
Events
Introduced
a6c0d028fdbfc4fca733ad42f86b60189b3772f0
Fixed
187c8a607ee70c7914682870156faa31ed01f001

Affected versions

1.*

1.4.0
1.5.0
1.5.1

v1.*

v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.12.1
v1.12.2
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.17.1
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.3.0
v1.4.1
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15138.json"