Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Description

Summary

IBM Security QRadar EDR Software includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update.

Vulnerability Details

CVEID: CVE-2024-53382
DESCRIPTION: Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because the document.currentScript lookup can be shadowed by attacker-injected HTML elements.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: [email protected]
CVSS Base score: 4.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID: CVE-2025-27789
DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel generates a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e., the second argument passed to .replace). Generated code is vulnerable if all of the following conditions are true: Babel is used to compile regular expression named capturing groups, the .replace method is called on a regular expression that contains named capturing groups, and the code passes untrusted strings as the second argument of .replace. This problem has been fixed in @babel/helpers and @babel/runtime 7.26.10 and 8.0.0-alpha.17. It's likely that individual…
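The PrismJS entry above turns on a single lookup: code that trusts whatever document.currentScript returns. The following is an added example (not from the IBM bulletin and not PrismJS code) of a defensive lookup that refuses a clobbered result before deriving a base URL from the script's src; it assumes a library that reads document.currentScript.src to decide where to load further files from, and that the expected script origin is known. The mock documents are constructed, since no real DOM is involved.

```javascript
// Added example: defensive document.currentScript lookup. A DOM-clobbered
// lookup yields a named element such as <img> or <form>, or null, rather
// than the executing <script>; only a genuine script element is accepted.
function findCurrentScript(doc, expectedOrigin) {
  const candidate = doc.currentScript;
  if (!candidate || String(candidate.tagName).toUpperCase() !== 'SCRIPT') {
    return null;
  }
  // In a real browser, also require the platform's own script element type.
  if (typeof HTMLScriptElement !== 'undefined' &&
      !(candidate instanceof HTMLScriptElement)) {
    return null;
  }
  // Resolve src against the document and pin it to the expected origin, so a
  // script injected from elsewhere cannot steer where further code loads from.
  let url;
  try {
    url = new URL(candidate.src, doc.baseURI);
  } catch (e) {
    return null;
  }
  return url.origin === expectedOrigin ? candidate : null;
}

// Derive the directory the trusted script was loaded from, or null.
function scriptBaseUrl(doc, expectedOrigin) {
  const script = findCurrentScript(doc, expectedOrigin);
  if (script === null) return null;
  const href = new URL(script.src, doc.baseURI).href;
  return href.slice(0, href.lastIndexOf('/') + 1);
}

// Constructed mock documents (assumed shapes, not a real DOM).
const honestDoc = {
  baseURI: 'https://app.example/page',
  currentScript: { tagName: 'SCRIPT', src: '/static/js/prism.js' },
};
const clobberedDoc = {
  baseURI: 'https://app.example/page',
  // A named element shadowing the built-in getter: not a script element.
  currentScript: { tagName: 'IMG', src: 'https://other.example/prism.js' },
};
```

A library that falls back to a hard-coded path when this returns null avoids both the clobbered element and any script served from an unexpected origin.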
