Cross-site Scripting in reveal.js - reveal.js

Severity:: Medium

Description

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.

Recommendation

Update the reveal.js package to the latest compatible version. Followings are version details:

Affected version(s): <= 3.9.1
Patched version(s): 3.9.2

References

GHSA-6vwx-mwp8-fh44
hackerone.com
CVE-2020-8127
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Cross site scripting in reveal.js - CVE-2022-0776
Cross-site Scripting in dompurify - dompurify - CVE-2020-26870
Cross-site Scripting in vis-timeline - CVE-2020-28487
Cross-site Scripting (XSS) in Eclipse Theia - CVE-2020-27224

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; reveal.js

Anything's wrong? Let us know Last updated on February 01, 2023