UBUNTU-CVE-2020-15138

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-15138

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15138.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-15138

Upstream

CVE-2020-15138

Published

2020-08-07T17:15:00Z

Modified

2025-10-24T04:48:35Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

References

Affected packages

Ubuntu:20.04:LTS / node-prismjs

Package

Name: node-prismjs
Purl: pkg:deb/ubuntu/node-prismjs@1.11.0+dfsg-3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.0+dfsg-2

1.11.0+dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-prismjs",
            "binary_version": "1.11.0+dfsg-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15138.json"