Security Advisory

CVE-2024-53386

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-03 00:00:00

Last updated 2025-03-03 21:55:00

Assigner mitre

State PUBLISHED

Description

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

← Browse all CVEs View on cve.org ↗