DevGuard Logo

/Badge API Programm ZenDiS
Group
/Badge API Documentation
Repository

Overview
Compliance
Code Risks
Dependency Risks
Dependencies

CVE-2024-53382

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Open
LOW (2.3)
  • logo

    System detected CVE-2024-53382 with a risk of 2.29

    main
  • logo

    System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning

    main
  • logo

    System removed scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning

    main

Add a comment

Mark as False Positive
Last calculated at:

Affected component

Logo von npm prismjs

Installed version:
1.29.0
Fixed in:
1.30.0
Show in dependency graph

Quick Fix

Update all Dependencies
Update only prismjs
GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 667098114b5ef45c7830e7aa599604fa65eb818f