Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Veracode
Veracodeadded 2025/03/07 8:0 a.m.3 views

Cross-site Scripting

Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...

6.1CVSS6.8AI score0.00327EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blogadded 2025/03/03 9:30 a.m.7 views

Stage.js DOM Clobbering vulnerabilty

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS6.1AI score0.00327EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2025/03/03 9:30 a.m.2 views

GHSA-FP3M-G5RC-4C28 Stage.js DOM Clobbering vulnerabilty

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS4.9AI score0.00327EPSS
Exploits1References4
OSV
OSVadded 2025/03/03 7:15 a.m.1 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

6.1CVSS4.9AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/03/03 12:0 a.m.2 views

PT-2025-9272 · Stage.Js · Stage.Js

Name of the Vulnerable Software and Affected Versions: Stage.js versions 0.8.10 and earlier Description: The issue allows DOM Clobbering, which can result in XSS for untrusted input that contains HTML but does not directly contain JavaScript. This is because the document.currentScript lookup can ...

6.1CVSS5.5AI score0.00327EPSS
Exploits1References11
CVE
CVEadded 2025/03/03 12:0 a.m.45 views

CVE-2024-53386

CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...

6.1CVSS6.1AI score0.00327EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2025/03/03 12:0 a.m.5 views

CVE-2024-53386

Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

4.9CVSS0.00327EPSS
Exploits1References2
CNNVD
CNNVDadded 2025/03/03 12:0 a.m.1 views

stage.js 代码注入漏洞

stage.js is a Piqnt open source 2D HTML5 rendering and layout engine for game development. A security vulnerability exists in stage.js version 0.8.10 and earlier, which stems from a document.currentScript lookup that can be obscured by an attacker's injected HTML element, resulting in cross-site...

6.1CVSS6.1AI score0.00327EPSS
Exploits1References4
Rows per page
Query Builder