← Back to CVE List

CVE-2022-23647

Published: 2022-02-18T15:15Z
Last Modified: 2024-11-21T06:49Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt