Bug 2349390 (CVE-2024-53382) - CVE-2024-53382 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin
Summary: CVE-2024-53382 prismjs: DOM Clobbering vulnerability within the Prism library...
Keywords:
Status: NEW
Alias: CVE-2024-53382
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2353484 2353486 2353487
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-03 07:01 UTC by OSIDB Bzimport
Modified: 2025-08-01 08:27 UTC (History)
56 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:11749 0 None None None 2025-07-24 15:23:46 UTC
Red Hat Product Errata RHSA-2025:11889 0 None None None 2025-07-28 10:56:32 UTC

Description OSIDB Bzimport 2025-03-03 07:01:00 UTC 
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Comment 6 errata-xmlrpc 2025-07-24 15:23:41 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 8.1

Via RHSA-2025:11749 https://access.redhat.com/errata/RHSA-2025:11749
Comment 7 errata-xmlrpc 2025-07-28 10:56:28 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 7.1

Via RHSA-2025:11889 https://access.redhat.com/errata/RHSA-2025:11889
Note You need to log in before you can comment on or make changes to this bug.