CVE-2024-53382 MEDIUM

Vendor Prismjs
Product Prism
Weakness CWE-94 · Code injection
Published March 3, 2025
Last update March 3, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Key dates

02 Disclosure timeline

March 3, 2025 CVE published
March 3, 2025 Record updated