CVE-2024-53382 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), b…
Medium CVSS: 4.9

CVE-2024-53382

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Vendor
Prismjs
Product
Prism
CWE
CWE-94
Yayın Tarihi
2025-03-03 07:15:33
Güncelleme
2025-06-27 13:08:24
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-94 Prism MEDIUM Prismjs 2025

Referanslar

https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660 https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259 https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660