Description
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
Remediation
References
https://hackerone.com/reports/691977
Related Vulnerabilities
CVE-2020-7646 Vulnerability in npm package curlrequest
CVE-2022-21129 Vulnerability in npm package nemo-appium
CVE-2022-24802 Vulnerability in npm package deepmerge-ts
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.12
CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server