5 matches found
EUVD-2022-1442
Malicious code in bioql PyPI...
CVE-2022-0776
Cross-site Scripting XSS - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0...
CVE-2022-0776 Cross-site Scripting (XSS) - DOM in hakimel/reveal.js
Cross-site Scripting XSS - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0...
CVE-2022-0776
The CVE-2022-0776 issue affects reveal.js prior to version 4.3.0 and is described as a DOM-based Cross-Site Scripting (XSS) vulnerability that can be exposed via postMessage handling. Multiple connected sources confirm the vulnerability stems from insufficient input validation/output in Reveal.js...
Cross-site Scripting (XSS) - DOM in hakimel/reveal.js
Description The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can...