Moderate severityNVD Advisory· Published Mar 3, 2025· Updated Mar 3, 2025

CVE-2024-53386

Description

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
stage-jsnpm	<= 0.8.10	—

Affected products

ghsa-coords
pkg:npm/stage-js
Range: <= 0.8.10
Piqnt/Stage.jsv5
Range: 0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-fp3m-g5rc-4c28ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-53386ghsaADVISORY
gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534ghsaWEB
github.com/piqnt/stage.js/blob/919f6e94b14242f6e6994141a9e1188439d306d5/lib/core.jsghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000