CVE-2020-8127 - AskarLabs CVE Database

CVE-2020-8127

Vendor N/A

Product reveal.js

Weakness CWE-79 · XSS

Published February 28, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.

Key dates

02Disclosure timeline

February 28, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8127

Related vulnerabilities

04Related CVE

CVE-2024-10184 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode CVE-2024-4074 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php cross site scripting CVE-2022-0937 Stored xss in showdoc through file upload in star7th/showdoc CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-11801 AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting