CVE-2024-53386 MEDIUM

CVE-2024-53386

Vendor Piqnt
Product Stage.js
Weakness CWE-94 · Code injection
Published March 3, 2025
Last update March 3, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Key dates

02Disclosure timeline

March 3, 2025 CVE published
March 3, 2025 Record updated