2349390 – (CVE-2024-53382) CVE-2024-53382 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

Bug 2349390 (CVE-2024-53382) - CVE-2024-53382 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

Summary: CVE-2024-53382 prismjs: DOM Clobbering vulnerability within the Prism library...

Keywords:
Status:	NEW
Alias:	CVE-2024-53382
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2353484 2353486 2353487
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-03 07:01 UTC by OSIDB Bzimport
Modified:	2025-05-06 08:28 UTC (History)
CC List:	58 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-03 07:01:00 UTC

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Note You need to log in before you can comment on or make changes to this bug.

aarif
abarbaro
amctagga
anjoseph
aoconnor
aprice
bkabrda
bniver
caswilli
cdaley
cmiranda
dhanak
dsimansk
eric.wittmann
flucifre
gmalinko
gmeno
janstey
jchui
jeder
jforrest
jhe
jkoehler
jprabhak
jwong
kaycoth
kingland
kshier
ktsao
kverlaen
lball
lchilton
lphiri
matzew
mbenjamin
mhackett
mnovotny
mpierce
nboldt
ngough
nipatil
pantinor
pcongius
pdelbell
pierdipi
pjindal
psrna
rhuss
rkubis
rstepani
sausingh
sfeifer
sostapov
stcannon
ttakamiy
vereddy
veshanka
wtam