Cross-site Scripting in reveal.js

2021-05-1018:47:10

Google

osv.dev

0.001 Low

EPSS

Percentile

43.3%

JSON

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.

CPENameOperatorVersion
reveal.jslt3.9.2

CPE	Name	Operator	Version
	reveal.js	lt	3.9.2

References

hackerone.com/reports/691977

nvd.nist.gov/vuln/detail/CVE-2020-8127

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for OSV:GHSA-6VWX-MWP8-FH44