6 matches found
Cross-site Scripting
Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...
DOM Clobbering
PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, which can potentially lead to Cross-Site Scripting (XSS)...
CVE-2024-53386
Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
GHSA-X7HR-W5R2-H6WG PrismJS DOM Clobbering vulnerability
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53386
Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53386
CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...