Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/03/05 12:42 a.m.8 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS5.8AI score0.00231EPSS
Exploits1References1
nvd
nvd
added 2025/03/03 7:15 a.m.7 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS0.00231EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/03/03 12:0 a.m.4 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS4.9AI score0.00231EPSS
Exploits1References2
cve
cve
added 2025/03/03 12:0 a.m.50 views

CVE-2024-53386

CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...

6.1CVSS6.1AI score0.00231EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/03/03 12:0 a.m.9 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS0.00231EPSS
Exploits1References2
osv
osv
added 2025/03/03 12:0 a.m.4 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS4.9AI score0.00231EPSS
Exploits1References4
Rows per page
Query Builder