VYPR

npm package

prismjs

pkg:npm/prismjs

Vulnerabilities (6)

  • CVE-2024-53382Mar 3, 2025
    affected < 1.30.0fixed 1.30.0

    Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

  • CVE-2022-23647Feb 18, 2022
    affected >= 1.14.0, < 1.27.0fixed 1.27.0

    Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text b

  • CVE-2021-3801Sep 15, 2021
    affected < 1.25.0fixed 1.25.0

    prism is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-32723Jun 28, 2021
    affected < 1.24.0fixed 1.24.0

    Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This

  • CVE-2021-23341Feb 18, 2021
    affected < 1.23.0fixed 1.23.0

    The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

  • CVE-2020-15138Aug 7, 2020
    affected >= 1.1.0, < 1.21.0fixed 1.21.0

    Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _P