Description
The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer.
This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0).
Recommendation
Update the prismjs package to the latest compatible version. Version details:
- Affected version(s): >= 1.1.0, < 1.21.0
- Patched version(s): 1.21.0
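
To check a project against the range above, the following added example (not part of the original advisory or of the prismjs project) walks a parsed `package-lock.json` and lists every installed prismjs copy with a version of at least 1.1.0 and below 1.21.0. The function names, the sample lockfile and the `docs-theme` package are assumptions made for illustration. A match means the package is in range; whether the Previewers plugin is actually loaded is a separate check.

```javascript
// Affected range from the advisory: >= 1.1.0, < 1.21.0
const FIRST_AFFECTED = [1, 1, 0];
const FIRST_PATCHED = [1, 21, 0];

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return false; // missing or non-semver version string
  const v = m.slice(1, 4).map(Number);
  const c = compare(v, FIRST_PATCHED);
  // A prerelease of 1.21.0 sorts before 1.21.0, so it is flagged conservatively.
  return compare(v, FIRST_AFFECTED) >= 0 && (c < 0 || (c === 0 && m[4] !== undefined));
}

// Walk a parsed package-lock.json and list every affected prismjs copy.
// Handles lockfileVersion 2/3 ("packages", keyed by path) and 1 (nested "dependencies").
function findAffectedPrism(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/prismjs$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'prismjs' && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`); // v1 lockfiles nest transitive copies here
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from the advisory): one patched, one nested affected copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/prismjs': { version: '1.21.0' },
    'node_modules/docs-theme/node_modules/prismjs': { version: '1.20.0' },
  },
};

console.log(findAffectedPrism(sampleLock));
```

Nested copies pulled in by other dependencies are reported with their full path, since updating the top-level package alone does not replace them.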
References
Related Issues
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) - CVE-2019-10744
- PrismJS DOM Clobbering vulnerability - CVE-2024-53382
- jquery-validation vulnerable to Cross-site Scripting - CVE-2025-3573
- @mozilla/readability Denial of Service through Regex - CVE-2025-2792
Tags: npm, prismjs
Last updated on January 09, 2023