PT-2025-9273 · Prism+1
Jackfromeast · Published 2025-03-03 · Updated 2026-06-04 · CVE-2024-53382
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Prism (aka PrismJS) versions prior to 1.29.0
Description
The issue allows DOM Clobbering, which can result in XSS for untrusted input that contains HTML but does not directly contain JavaScript. This occurs because the document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Recommendations
For Prism (aka PrismJS) versions prior to 1.29.0, update to version 1.29.0 or later to resolve the issue.
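A defensive counterpart to the shadowing described above, as an added example that is not Prism's patch or code from this advisory: it accepts document.currentScript only when the value is a real script element and its origin is on an allowlist. The function names, the origin allowlist and the .example hosts are assumptions made for illustration.

```javascript
// Added example, not Prism's code. `doc` is any Document-shaped object.

// Return the running <script> element, or null when document.currentScript
// is absent or has been shadowed by some other element.
function trustedCurrentScript(doc) {
  const el = doc.currentScript;
  if (el === null || typeof el !== 'object') return null;
  // In a browser the interface check is the strongest test.
  if (typeof HTMLScriptElement !== 'undefined') {
    return el instanceof HTMLScriptElement ? el : null;
  }
  // Fallback for non-browser runs: tagName must be the string "SCRIPT".
  // The typeof test also rejects a tagName that is itself an element.
  if (typeof el.tagName !== 'string' || el.tagName.toUpperCase() !== 'SCRIPT') {
    return null;
  }
  return el;
}

// Directory to load companion files from, or null unless the script element
// is genuine and its origin is on the caller's allowlist.
function trustedScriptBase(doc, allowedOrigins) {
  const script = trustedCurrentScript(doc);
  if (!script || typeof script.src !== 'string' || script.src === '') return null;
  let url;
  try {
    url = new URL(script.src);
  } catch (err) {
    return null; // not an absolute URL
  }
  if (!allowedOrigins.includes(url.origin)) return null;
  return url.origin + url.pathname.replace(/[^/]*$/, '');
}

// Constructed sample documents (hypothetical hosts under .example).
const ALLOWED = ['https://cdn.example'];
const genuineDoc = {
  currentScript: { tagName: 'SCRIPT', src: 'https://cdn.example/prism/prism.js?v=1' },
};
const shadowedDoc = {
  currentScript: { tagName: 'IMG', src: 'https://untrusted.example/files/' },
};
const nestedDoc = {
  currentScript: { tagName: { nodeType: 1 }, src: 'https://cdn.example/prism/prism.js' },
};

console.log(trustedScriptBase(genuineDoc, ALLOWED));
console.log(trustedScriptBase(shadowedDoc, ALLOWED));
console.log(trustedScriptBase(nestedDoc, ALLOWED));
```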
Exploit
Fix
Code Injection
XSS
Related Identifiers
Affected Products
Debian
Prism