CVE-2024-53382


Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.


Published

2025-03-03T07:15:33.397

Last Modified

2025-06-27T13:08:24.660

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-94
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type         Vendor   Product  Version/Range  Vulnerable?
Application  prismjs  prism    ≤ 1.29.0       Yes
