Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
[
{
"product": "reveal.js",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed version: 3.9.2"
}
]
}
]