
CVE-2020-15138

Published: 07 Aug 2020
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 2.6
CVSS3: 7.1

Description

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

| Release | Status | Note |
| --- | --- | --- |
| bionic | DNE | |
| devel | not-affected | 1.11.0+dfsg-4 |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 1.11.0+dfsg-4 |
| esm-apps/noble | not-affected | 1.11.0+dfsg-4 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | not-affected | 1.11.0+dfsg-4 |
| hirsute | not-affected | 1.11.0+dfsg-4 |
| impish | not-affected | 1.11.0+dfsg-4 |

EPSS

Percentile: 75%
0.00864
Low

2.6 Low

CVSS2

7.1 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
redhat
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

CVSS3: 7.1
nvd
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

CVSS3: 7.1
debian
more than 5 years ago

Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...

CVSS3: 7.1
github
more than 5 years ago

Cross-Site Scripting in Prism
