Cyber Resilience

CVE-2024-53388

HighPublic PoC

Published: 03 March 2025

Published
03 March 2025
Modified
07 July 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0033 56.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53388 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Mavo Mavo. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 43.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-53388 is a DOM Clobbering vulnerability affecting Mavo version 0.3.2. This flaw allows attackers to execute arbitrary code by supplying a crafted HTML element. The vulnerability is classified under CWE-79 and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, lack of required privileges, and significant impacts on confidentiality, integrity, and availability.

Remote attackers without authentication can exploit this vulnerability by tricking users into interacting with malicious content, such as loading a webpage or resource that incorporates the crafted HTML element in an environment using Mavo. Successful exploitation leads to arbitrary code execution within the victim's browser context, potentially enabling theft of sensitive data, manipulation of application state, or further compromise of the user's session.

For mitigation details, refer to the advisory at https://gist.github.com/jackfromeast/a61a5429a97985e7ff4c1d39e339d5d8, published on 2025-03-03. Security practitioners should assess deployments using Mavo v0.3.2 and apply any recommended updates or input sanitization to prevent exploitation.

EU & UK References

Vulnerability details

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The DOM Clobbering vulnerability in Mavo enables arbitrary code execution in the browser via crafted HTML supplied to a webpage using the library. This directly facilitates drive-by compromise (T1189) by tricking users into loading malicious content and exploitation for client execution (T1203) in a client-side JS environment.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67960Shared CWE-79
CVE-2026-7332Shared CWE-79
CVE-2025-23714Shared CWE-79
CVE-2025-46410Shared CWE-79
CVE-2025-68871Shared CWE-79
CVE-2025-30223Shared CWE-79
CVE-2025-22594Shared CWE-79
CVE-2025-23792Shared CWE-79
CVE-2025-24576Shared CWE-79
CVE-2026-32751Shared CWE-79

Affected Assets

mavo
mavo
0.3.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely flaw remediation, directly addressing the DOM Clobbering vulnerability in Mavo v0.3.2 by applying updates or patches to prevent arbitrary code execution.

prevent

SI-10 enforces validation of untrusted inputs, preventing crafted HTML elements from being processed by Mavo and blocking the DOM Clobbering attack vector.

prevent

SI-15 requires filtering of information output, ensuring HTML elements are sanitized before rendering in the browser to mitigate DOM Clobbering exploitation.

References