1 results (0.001 seconds)
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53386
https://notcve.org/view.php?id=CVE-2024-53386
03 Mar 2025 — Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. • https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534 • CWE-94: Improper Control of Generation of Code ('Code Injection') •