Description
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
Remediation
References
https://hackerone.com/reports/691977
Related Vulnerabilities
CVE-2020-7709 Vulnerability in npm package json-pointer
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-services
CVE-2021-46708 Vulnerability in npm package swagger-ui-dist
CVE-2020-29204 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2023-0674 Vulnerability in maven package com.xuxueli:xxl-job-core