admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-53382.md

19 lines
888 B
Markdown
Raw Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-53382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53382)
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
![](https://img.shields.io/static/v1?label=Product&message=Prism&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brightgreen)
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### Description
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
### POC
#### Reference
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
- https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
#### Github
- https://github.com/jackfromeast/dom-clobbering-collection
- https://github.com/okalashnikov/t_case
Reference in New Issue Copy Permalink