PT-2025-9272 · Stage.Js · Stage.Js

Jackfromeast · Published 2025-03-03 · Updated 2025-06-27 · CVE-2024-53386

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Stage.js versions 0.8.10 and earlier

Description

The issue allows DOM Clobbering, which can result in XSS for untrusted input that contains HTML but does not directly contain JavaScript. This is because the document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Recommendations

For Stage.js versions 0.8.10 and earlier, as a temporary workaround, consider restricting the use of document.currentScript until a patch is available.
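
One way to restrict the use of document.currentScript, shown as an added example that is not Stage.js code or part of the original advisory: accept the value only when it is a genuine script element from an expected origin. The function name, its parameters, the stand-in classes and the sample URLs are hypothetical, and it assumes the caller wants the script's directory as a base URL for further loads.

```javascript
// Added example: validate document.currentScript before trusting it.
// safeScriptBase, its parameters and the sample URLs are hypothetical, not Stage.js API.
function safeScriptBase(doc, ScriptCtor, allowedOrigins) {
  const candidate = doc.currentScript;
  // An HTML element carrying name="currentScript" shadows the built-in
  // property, so only a genuine script element is accepted (null fails too).
  if (!(candidate instanceof ScriptCtor)) return null;
  // On a real script element .src is a string; anything else is rejected.
  if (typeof candidate.src !== 'string' || candidate.src === '') return null;
  let url;
  try {
    url = new URL(candidate.src);
  } catch (e) {
    return null; // not an absolute URL
  }
  // Refuse to derive a loading base from an origin the page does not expect.
  if (!allowedOrigins.includes(url.origin)) return null;
  // Directory of the running script, for resolving further assets.
  return new URL('.', url).href;
}

// Constructed stand-ins so the check can be exercised outside a browser.
class FakeScript { constructor(src) { this.src = src; } }
class FakeImg { constructor(src) { this.src = src; } }

const ALLOWED = ['https://app.example'];
const genuine = { currentScript: new FakeScript('https://app.example/js/lib.js') };
const clobbered = { currentScript: new FakeImg('https://cdn.invalid/x/') };
const offOrigin = { currentScript: new FakeScript('https://cdn.invalid/js/lib.js') };

console.log(safeScriptBase(genuine, FakeScript, ALLOWED));   // script directory
console.log(safeScriptBase(clobbered, FakeScript, ALLOWED)); // rejected: not a script element
console.log(safeScriptBase(offOrigin, FakeScript, ALLOWED)); // rejected: unexpected origin
// In a browser: safeScriptBase(document, HTMLScriptElement, [location.origin])
```

When the function returns null, the caller should fall back to a fixed, configured base URL rather than to any value read from the DOM.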

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-53386
GHSA-FP3M-G5RC-4C28

Affected Products

Stage.Js