Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/05 12:42 a.m.7 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS5.8AI score0.00231EPSS
Exploits1References1
NVD
NVD
added 2025/03/03 7:15 a.m.7 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS0.00231EPSS
Exploits1References2
OSV
OSV
added 2025/03/03 12:0 a.m.4 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS4.9AI score0.00231EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/03 12:0 a.m.4 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS4.9AI score0.00231EPSS
Exploits1References2
CVE
CVE
added 2025/03/03 12:0 a.m.48 views

CVE-2024-53386

CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...

6.1CVSS6.1AI score0.00231EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/03 12:0 a.m.8 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS0.00231EPSS
Exploits1References2
Rows per page
Query Builder