Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oaHFqLWNmangtdmoyNc0vlw

Cross site scripting in reveal.js

The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of a postMessage before adding its content to the webpage. The vulnerable code allows any origin to post messages to the browser window and passes the attacker's input into parts of the page through which the attacker can execute arbitrary JavaScript code in the victim's browser window hosting reveal.js.
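The missing check described above, shown in its corrected form as an added example; this is not code from the advisory, from reveal.js, or from its 4.3.0 fix. The handler name, the `notes-example` message shape and the example origins are assumptions made for illustration.

```javascript
// Added example, not reveal.js code. All names below are hypothetical.
function makeNotesHandler({ trustedOrigin, trustedSource, notesElement }) {
  return function onMessage(event) {
    // event.origin is set by the browser, not by the sender.
    if (event.origin !== trustedOrigin) return 'rejected: origin';
    // Only the window this view is paired with may drive it.
    if (event.source !== trustedSource) return 'rejected: source';

    let data;
    try {
      data = typeof event.data === 'string' ? JSON.parse(event.data) : event.data;
    } catch {
      return 'rejected: parse';
    }
    // Accept only the message shape this view expects.
    if (!data || data.namespace !== 'notes-example' || typeof data.notes !== 'string') {
      return 'rejected: shape';
    }
    // Render as text so markup in the payload stays inert.
    notesElement.textContent = data.notes;
    return 'accepted';
  };
}

// Browser wiring (assumed):
//   window.addEventListener('message', makeNotesHandler({
//     trustedOrigin: window.location.origin,
//     trustedSource: window.opener,
//     notesElement: document.querySelector('#notes') }));

// Constructed events, run against stand-in objects so the check works in Node.
function demo() {
  const opener = {};                        // stand-in for window.opener
  const notesElement = { textContent: '' }; // stand-in for a DOM element
  const handle = makeNotesHandler({
    trustedOrigin: 'https://slides.example', trustedSource: opener, notesElement });
  const msg = JSON.stringify({ namespace: 'notes-example', notes: '<b>Slide 3 notes</b>' });
  return {
    foreignOrigin: handle({ origin: 'https://other.example', source: opener, data: msg }),
    foreignWindow: handle({ origin: 'https://slides.example', source: {}, data: msg }),
    badJson: handle({ origin: 'https://slides.example', source: opener, data: '{' }),
    trusted: handle({ origin: 'https://slides.example', source: opener, data: msg }),
    rendered: notesElement.textContent,
  };
}
console.log(demo());
```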

Permalink: https://github.com/advisories/GHSA-hhqj-cfjx-vj25
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oaHFqLWNmangtdmoyNc0vlw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-hhqj-cfjx-vj25, CVE-2022-0776
References: Repository: https://github.com/hakimel/reveal.js
Blast Radius: 32.6

Affected Packages

npm:reveal.js
Dependent packages: 121
Dependent repositories: 220,545
Downloads: 79,147 last month
Affected Version Ranges: < 4.3.0
Fixed in: 4.3.0
All affected versions: 2.5.0, 2.6.0, 2.6.2, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1
All unaffected versions: 4.3.0, 4.3.1, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0