← volver
CVE-2024-53386

CVE-2024-53386

CVSS 4.9 MEDIUMEPSS 0.2%CWE-94
Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Productos afectados
Piqnt · Stage.js

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534https://github.com/piqnt/stage.js/blob/919f6e94b14242f6e6994141a9e1188439d306d5/lib/core.js#L158-L159