exploitDog

CVE-2020-15138

Published: 07 Aug 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

A flaw was found in nodejs-prismjs. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code.

Report

While the grafana containers in OpenShift and ServiceMesh contain the prismjs plugin, they don't package the vulnerable previewer plugin and hence are not affected. The grafana containers in Ceph 3 contain the prismjs plugin, but do not package the vulnerable previewer plugin and are not affected.

Affected packages

Platform                                    | Package                 | State        | Recommendation | Release
--------------------------------------------|-------------------------|--------------|----------------|--------
OpenShift Service Mesh 1                    | servicemesh-grafana     | Not affected |                |
Red Hat Ceph Storage 3                      | grafana                 | Not affected |                |
Red Hat OpenShift Container Platform 3.11   | openshift3/grafana      | Not affected |                |
Red Hat OpenShift Container Platform 4      | openshift4/ose-grafana  | Not affected |                |

Additional information

Status: Moderate
Weakness: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1867581
Bugzilla title: nodejs-prismjs: xss vulnerability that allows attackers to execute arbitrary code

EPSS: 0.00864 (Low), percentile: 75%

CVSS3: 7.5 (High)

Related vulnerabilities

CVSS3: 7.1
ubuntu
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

CVSS3: 7.1
nvd
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

CVSS3: 7.1
debian
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...

CVSS3: 7.1
github
more than 5 years ago

Cross-Site Scripting in Prism