Vulnerability Details CVE-2024-53386
Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 4.9
References
Products affected by CVE-2024-53386
-
cpe:2.3:a:piqnt:stage.js:0.1.49
-
cpe:2.3:a:piqnt:stage.js:0.2.1
-
cpe:2.3:a:piqnt:stage.js:0.3.0
-
cpe:2.3:a:piqnt:stage.js:0.3.1
-
cpe:2.3:a:piqnt:stage.js:0.4.0
-
cpe:2.3:a:piqnt:stage.js:0.4.1
-
cpe:2.3:a:piqnt:stage.js:0.4.11
-
cpe:2.3:a:piqnt:stage.js:0.4.12
-
cpe:2.3:a:piqnt:stage.js:0.4.13
-
cpe:2.3:a:piqnt:stage.js:0.4.14
-
cpe:2.3:a:piqnt:stage.js:0.4.2
-
cpe:2.3:a:piqnt:stage.js:0.4.5
-
cpe:2.3:a:piqnt:stage.js:0.4.7
-
cpe:2.3:a:piqnt:stage.js:0.4.8
-
cpe:2.3:a:piqnt:stage.js:0.4.9
-
cpe:2.3:a:piqnt:stage.js:0.5.0
-
cpe:2.3:a:piqnt:stage.js:0.6.1
-
cpe:2.3:a:piqnt:stage.js:0.6.2
-
cpe:2.3:a:piqnt:stage.js:0.6.4
-
cpe:2.3:a:piqnt:stage.js:0.6.5
-
cpe:2.3:a:piqnt:stage.js:0.6.6
-
cpe:2.3:a:piqnt:stage.js:0.7.0
-
cpe:2.3:a:piqnt:stage.js:0.7.1
-
cpe:2.3:a:piqnt:stage.js:0.8.0
-
cpe:2.3:a:piqnt:stage.js:0.8.1
-
cpe:2.3:a:piqnt:stage.js:0.8.10
-
cpe:2.3:a:piqnt:stage.js:0.8.2
-
cpe:2.3:a:piqnt:stage.js:0.8.4
-
cpe:2.3:a:piqnt:stage.js:0.8.7
-
cpe:2.3:a:piqnt:stage.js:0.8.8