Lucene search
GoogleOSV:GHSA-HHQJ-CFJX-VJ25HistoryMar 02, 2022 - 12:00 a.m.
Cross site scripting in reveal.js
2022-03-0200:00:20
Google
osv.dev
12
0.001 Low
EPSS
Percentile
41.7%
The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker’s input to parts using which attacker can execute arbitrary javascript code on victim’s browser window hosting reveal.js
Related
cve
cve
CVE-2022-0776
2022-03-01 09:15:07
huntr
huntr
Cross-site Scripting (XSS) - DOM in hakimel/reveal.js
2022-02-04 21:53:13
nuclei
nuclei
RevealJS postMessage <4.3.0 - Cross-Site Scripting
2022-05-29 10:39:24
osv
osv
CVE-2022-0776
2022-03-01 09:15:07
github
github
Cross site scripting in reveal.js
2022-03-02 00:00:20
veracode
veracode
Cross-site Scripting (XSS)
2022-03-02 04:02:53
prion
prion
Cross site scripting
2022-03-01 09:15:00
cvelist
cvelist
CVE-2022-0776 Cross-site Scripting (XSS) - DOM in hakimel/reveal.js
2022-03-01 08:40:09
nvd
nvd
CVE-2022-0776
2022-03-01 09:15:07