CVE-2024-53387

HighPublic PoC

Published: 03 March 2025

Published

03 March 2025

Modified

07 July 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0030 53.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53387 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Umeditor Project Umeditor. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 46.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the DOM clobbering flaw in umeditor v1.2.3 by identifying, patching, or replacing the vulnerable component.

SI-10 Information Input Validation good match

prevent

Validates and sanitizes crafted HTML inputs to the rich text editor, preventing DOM manipulation and arbitrary code execution.

SI-15 Information Output Filtering good match

prevent

Filters and encodes HTML output before rendering in the DOM, blocking execution of malicious scripts from clobbered elements.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1059.007 JavaScript Execution

Adversaries may abuse various implementations of JavaScript for execution.

attack.mitre.org →

Why these techniques?

Vulnerability enables arbitrary JavaScript execution in browser via DOM Clobbering/XSS, directly mapping to client-side exploitation (T1203) and JavaScript interpreter abuse (T1059.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.

Deeper analysisAI

CVE-2024-53387 is a DOM Clobbering vulnerability in umeditor v1.2.3, a web-based rich text editor component. The flaw enables attackers to execute arbitrary code by supplying a crafted HTML element that manipulates the Document Object Model (DOM). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-79 (Improper Neutralization of Input During Web Page Generation, commonly known as cross-site scripting).

Attackers can exploit this vulnerability remotely without authentication privileges, provided a user interacts with the malicious content, such as by loading or rendering a page containing the crafted HTML in an affected umeditor instance. Successful exploitation grants arbitrary code execution in the victim's browser context, resulting in high impacts to confidentiality, integrity, and availability, such as data theft, session hijacking, or further malware delivery.

Mitigation details and proof-of-concept are available in the referenced GitHub Gist at https://gist.github.com/jackfromeast/d52c506113f33b8871d0e647411df894, published alongside the CVE disclosure on 2025-03-03.