Home > Vulnerability Database > CVE-2024-53386

Mend.io Vulnerability Database

CVE-2024-53386

Date: March 2, 2025

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Severity Score

4.9

Related Resources (5)

Url: https://github.com/piqnt/stage.js

Url: https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53386

Url: https://github.com/piqnt/stage.js/blob/919f6e94b14242f6e6994141a9e1188439d306d5/lib/core.js#L158-L159

Url: https://www.mend.io/vulnerability-database/CVE-2024-53386

Severity Score

4.9

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53386

Date: March 2, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?