Prism · CVE-2022-23647
**Name of the Vulnerable Software and Affected Versions**
Prism versions 1.14.0 through 1.26.x
**Description**
Prism is a syntax highlighting library. Its Command Line plugin does not properly escape its output, so input text is inserted into the DOM as HTML; an attacker who controls that text can use it for cross-site scripting. Server-side usage of Prism and websites that do not use the Command Line plugin are not affected.
**Recommendations**
For versions 1.14.0 through 1.26.x, as a workaround, do not use the Command Line plugin on untrusted input, or sanitize every code block that uses the Command Line plugin by removing all HTML from its text.
For all affected versions, update to version 1.27.0 to fix the issue.
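The bug class in the description and the sanitizing workaround above, as an added example that is not Prism's own code: the line-by-line renderer is a simplified stand-in for the Command Line plugin (class names are illustrative), the sample input is constructed, and `escapeHtml` / `stripHtmlTags` are hypothetical helpers showing the two ways to keep code text from being interpreted as markup.

```javascript
// Added example (not Prism's code): models the output-escaping step whose
// absence CVE-2022-23647 describes, beside the hardened form.

// Escape the five characters that let plain text be parsed as HTML markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Workaround named in the advisory: remove HTML from untrusted code text
// before it reaches the plugin. Regex tag-stripping is fragile against
// malformed markup, so escaping on output is the preferable fix.
function stripHtmlTags(text) {
  return String(text).replace(/<[^>]*>/g, '');
}

// Simplified stand-in for a command-line renderer: each line gets a prompt
// prefix and the result is later assigned to innerHTML. With escape=false the
// code text is trusted as markup, which is exactly the vulnerable behaviour.
function renderCommandLine(codeText, { prompt = '$', escape = true } = {}) {
  return String(codeText)
    .split('\n')
    .map((line) => {
      const body = escape ? escapeHtml(line) : line;
      return `<span class="prompt">${prompt}</span> ${body}`;
    })
    .join('\n');
}

// Constructed sample: harmless markup standing in for attacker-controlled text.
const UNTRUSTED_CODE = 'echo hello\n<b>not code</b> && ls';

// Returns the three renderings so they can be compared side by side.
function demo() {
  return {
    vulnerable: renderCommandLine(UNTRUSTED_CODE, { escape: false }), // raw <b> lands in the DOM
    hardened: renderCommandLine(UNTRUSTED_CODE),                      // markup escaped on output
    stripped: renderCommandLine(stripHtmlTags(UNTRUSTED_CODE), { escape: false }), // advisory's workaround
  };
}
```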