Home > Vulnerability Database > CVE-2024-53382

Mend.io Vulnerability Database

CVE-2024-53382

Good to know:

Date: March 2, 2025

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Severity Score

4.9

Related Resources (8)

Url: https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259

Url: https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d

Url: https://github.com/PrismJS/prism

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53382

Url: https://security-tracker.debian.org/tracker/CVE-2024-53382

Url: https://github.com/PrismJS/prism/pull/3863

Url: https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660

Url: https://www.mend.io/vulnerability-database/CVE-2024-53382

Severity Score

4.9

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version prismjs - 1.30.0

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53382

Good to know:

Date: March 2, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?