PT-2020-14218 · Apple+2 · Safari+4
Masatokinugawa · Published 2020-08-07 · Updated 2020-08-28 · CVE-2020-15138
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Prism versions 1.1.0 through 1.20.0
Prism Previewers plugin versions 1.10.0 through 1.20.0
Prism Previewer: Easing plugin versions 1.1.0 through 1.9.0
Description
The easing preview of the Previewers plugin has a Cross-Site Scripting (XSS) vulnerability, allowing attackers to execute arbitrary code in Safari and Internet Explorer. This issue impacts all Safari and Internet Explorer users of Prism that use the affected plugins.
Recommendations
For Prism versions 1.1.0 through 1.20.0, update to version 1.21.0 to resolve the issue.
For Prism Previewers plugin versions 1.10.0 through 1.20.0, update to version 1.21.0 to resolve the issue.
For Prism Previewer: Easing plugin versions 1.1.0 through 1.9.0, update to version 1.21.0 to resolve the issue.
As a temporary workaround, consider disabling the easing preview on all impacted code blocks. This workaround is available for Prism v1.10.0 or newer.
Fix
XSS
Affected Products
Internet Explorer
Prism
Prism Previewer: Easing Plugin
Prism Previewers Plugin
Safari