REDHAT-BUG-2349390: XSS
Published Mar 3, 2025
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Affected Software
1 affected component
Prism PrismJS <= 1.29.0
Event History
Mar 3, 2025 · Data Sourced via Red Hat · 07:01 AM
Frequently Asked Questions
1. What is the severity of REDHAT-BUG-2349390?
The severity of REDHAT-BUG-2349390 is considered high due to its potential for XSS attacks.
2. How do I fix REDHAT-BUG-2349390?
To fix REDHAT-BUG-2349390, update PrismJS to version 1.29.1 or later to mitigate the vulnerability.
3. What type of vulnerability is REDHAT-BUG-2349390?
REDHAT-BUG-2349390 is a DOM Clobbering vulnerability that can lead to cross-site scripting (XSS) attacks.
4. Which versions of PrismJS are affected by REDHAT-BUG-2349390?
PrismJS versions up to and including 1.29.0 are affected by REDHAT-BUG-2349390.
5. How can REDHAT-BUG-2349390 be exploited?
REDHAT-BUG-2349390 can be exploited by injecting crafted HTML elements that shadow the document.currentScript property.
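The clobbering described in this advisory works because a Document exposes certain named elements as properties, so an injected element whose name matches `currentScript` can shadow the real lookup. The added example below (written for this page, not PrismJS's own code) puts the trusting lookup pattern beside a hardened one that only accepts a genuine script element. The DOM classes and the `makeDocument` stand-in are constructed so the check runs under Node; in a browser the hardened function would use the real `document` and the global `HTMLScriptElement`.

```javascript
// Added example: detecting a DOM-clobbered document.currentScript.
// The classes below are minimal stand-ins for browser DOM types so the
// example runs under Node; they are constructed for this example only.
class Element {
  constructor(tagName, attrs = {}) {
    this.tagName = tagName;
    this.attrs = attrs;
  }
  getAttribute(name) {
    return Object.prototype.hasOwnProperty.call(this.attrs, name) ? this.attrs[name] : null;
  }
}

class HTMLScriptElement extends Element {
  constructor(attrs) { super('SCRIPT', attrs); }
  get src() { return this.getAttribute('src') || ''; }
}

class HTMLImageElement extends Element {
  constructor(attrs) { super('IMG', attrs); }
  get src() { return this.getAttribute('src') || ''; }
}

// Stand-in for a Document: a named element shadows the built-in
// currentScript accessor, mirroring how browsers expose named elements
// on the document object.
function makeDocument(executingScript, namedElements = {}) {
  return {
    get currentScript() {
      return Object.prototype.hasOwnProperty.call(namedElements, 'currentScript')
        ? namedElements.currentScript
        : executingScript;
    },
  };
}

// Trusting pattern: uses whatever document.currentScript returns.
// If the lookup is shadowed, the src read here is attacker-controlled.
function unsafeScriptSrc(doc) {
  const script = doc.currentScript;
  return script ? script.src : null;
}

// Hardened pattern: accept the value only if it is a real script element.
// Elements that can be exposed as named document properties are not script
// elements, so an instanceof check plus a tagName check rejects a shadowed value.
function trustedCurrentScript(doc) {
  const candidate = doc.currentScript;
  if (!(candidate instanceof HTMLScriptElement)) return null;
  if (candidate.tagName !== 'SCRIPT') return null;
  return candidate;
}

function safeScriptSrc(doc) {
  const script = trustedCurrentScript(doc);
  return script ? script.src : null;
}

// Constructed scenario: a clean page and a page where an injected image
// element shadows currentScript. The origins are placeholders.
const realScript = new HTMLScriptElement({ src: 'https://cdn.example.test/prism.js' });
const cleanDoc = makeDocument(realScript);
const clobberedDoc = makeDocument(realScript, {
  currentScript: new HTMLImageElement({ src: 'https://injected.example.test/x' }),
});

console.log('unsafe, clean page:    ', unsafeScriptSrc(cleanDoc));
console.log('unsafe, clobbered page:', unsafeScriptSrc(clobberedDoc));
console.log('safe, clean page:      ', safeScriptSrc(cleanDoc));
console.log('safe, clobbered page:  ', safeScriptSrc(clobberedDoc));
```

On the clean page both lookups return the library's own script URL; on the clobbered page the trusting lookup returns the injected element's URL, while the hardened lookup returns `null`, which is the point at which a library should fall back to a safe default rather than derive paths or configuration from the value.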