EUVD-2024-53972

Malicious code in bioql PyPI...

Cross-site Scripting

Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

Stage.js DOM Clobbering vulnerabilty

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

GHSA-FP3M-G5RC-4C28 Stage.js DOM Clobbering vulnerabilty

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

CVE-2024-53386

CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...

PT-2025-9272 · Stage.Js · Stage.Js

Name of the Vulnerable Software and Affected Versions: Stage.js versions 0.8.10 and earlier Description: The issue allows DOM Clobbering, which can result in XSS for untrusted input that contains HTML but does not directly contain JavaScript. This is because the document.currentScript lookup can ...

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

stage.js 代码注入漏洞

stage.js is a Piqnt open source 2D HTML5 rendering and layout engine for game development. A security vulnerability exists in stage.js version 0.8.10 and earlier, which stems from a document.currentScript lookup that can be obscured by an attacker's injected HTML element, resulting in cross-site...