First published: Mon Mar 03 2025
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PrismJS | <1.29.0 | |
| npm/prismjs | <1.30.0 | 1.30.0 |
CVE-2024-53382 has a high severity rating because DOM Clobbering of the document.currentScript lookup can lead to XSS.
To fix CVE-2024-53382, update PrismJS to version 1.29.1 or later, which addresses the vulnerability.
CVE-2024-53382 can be exploited for XSS through untrusted input that contains injected HTML, even when that input contains no JavaScript of its own.
CVE-2024-53382 affects all versions of PrismJS up to and including 1.29.0.
DOM Clobbering in CVE-2024-53382 refers to injected HTML elements whose names shadow properties the library relies on, here the document.currentScript lookup, so that PrismJS reads values from an attacker-controlled element and behaves in unintended, potentially unsafe ways.
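As an added illustration (not PrismJS's own code and not its fix), the defensive pattern a script can apply against the shadowing described above: verify that whatever document.currentScript returns really is a script element before reading attributes such as Prism's data-manual opt-out from it, and otherwise fall back to an explicit lookup. The document-like objects, the script URL pattern and the constructed attribute values are assumptions made so the example runs offline.

```javascript
// Added example, not PrismJS code. In browsers, elements with a name or id
// become own properties of `document` that shadow built-ins such as the
// `currentScript` getter, so a library trusting that property can end up
// reading attributes from an injected element instead of its own <script>.

// Accept only a genuine <script>. tagName is checked rather than
// `instanceof HTMLScriptElement` so the code also runs under Node.
function isScriptElement(el) {
  return el !== null && typeof el === 'object' && el.tagName === 'SCRIPT';
}

// Naive pattern: trust whatever document.currentScript returns.
function naiveScriptSrc(doc) {
  return doc.currentScript.src;
}

// Hardened lookup: verify the element type, and fall back to locating the
// script by its URL (assumed pattern) instead of trusting the property.
function resolveScript(doc, srcPattern) {
  const candidate = doc.currentScript;
  if (isScriptElement(candidate)) return candidate;
  for (const el of doc.querySelectorAll('script')) {
    if (isScriptElement(el) && srcPattern.test(el.src || '')) return el;
  }
  return null;
}

// Read an opt-out attribute (Prism's data-manual) only from a verified script.
function readManualFlag(doc) {
  const script = resolveScript(doc, /prism(\.min)?\.js$/);
  return script !== null && script.getAttribute('data-manual') !== null;
}

// Constructed stand-ins for DOM nodes so the example runs offline.
function fakeScript(src, attrs) {
  return { tagName: 'SCRIPT', src, getAttribute: (n) => (n in attrs ? attrs[n] : null) };
}
// Page where the lookup is intact.
const cleanDoc = {
  currentScript: fakeScript('/js/prism.js', { 'data-manual': '' }),
  querySelectorAll: () => [cleanDoc.currentScript],
};
// Page where a non-script element now answers to `currentScript`; its
// attributes are whatever the injected markup set (constructed values).
const clobberedDoc = {
  currentScript: { tagName: 'IMG', src: 'https://example.invalid/shadow', getAttribute: () => 'x' },
  querySelectorAll: () => [fakeScript('/js/prism.js', {})],
};
```

On the clobbered page the naive lookup hands back the injected element's src, while resolveScript ignores it and recovers the real script through the fallback.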