Description
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
Remediation
References
https://hackerone.com/reports/691977
Related Vulnerabilities
CVE-2021-23358 Vulnerability in maven package org.webjars.bowergithub.jashkenas:underscore
CVE-2023-34659 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent
CVE-2022-25896 Vulnerability in npm package passport
CVE-2023-26156 Vulnerability in npm package chromedriver
CVE-2020-28426 Vulnerability in npm package kill-process-on-port