wid-sec-w-2026-0592 · Published 2026-03-04 · View on BSI CERT-Bund ↗

Red Hat Developer Hub: Multiple Vulnerabilities

CVSS 7.5 HIGH

Risk Summary

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

CVEs (2)

CVE-2024-53382 CVE-2025-13033

Affected Vendors

Red Hat

Affected Products (2)

Red Hat · Enterprise Linux Developer Hub <1.9.0

Red Hat · Enterprise Linux Developer Hub 1.9.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more