Moderate severityNVD Advisory· Published Mar 3, 2025· Updated Mar 3, 2025
CVE-2024-53382
CVE-2024-53382
Description
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
prismjsnpm | < 1.30.0 | 1.30.0 |
Affected products
12- osv-coords11 versionspkg:apk/chainguard/kibana-8.19pkg:apk/chainguard/kibana-8.19-bitnamipkg:apk/chainguard/kibana-8.19-iamguardedpkg:apk/chainguard/kibana-9.4pkg:apk/chainguard/kibana-9.4-iamguardedpkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:npm/prismjs
< 8.19.3-r1+ 10 more
- (no CPE)range: < 8.19.3-r1
- (no CPE)range: < 8.19.3-r1
- (no CPE)range: < 8.19.3-r1
- (no CPE)range: < 9.4.2-r1
- (no CPE)range: < 9.4.2-r1
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.3-r0
- (no CPE)range: < 2.19.2-r4
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.3-r0
- (no CPE)range: < 1.30.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-x7hr-w5r2-h6wgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-53382ghsaADVISORY
- gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660ghsaWEB
- github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.jsghsaWEB
- github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53dghsaWEB
- github.com/PrismJS/prism/pull/3863ghsaWEB
News mentions
0No linked articles in our index yet.