Open mend-for-github-com[bot] opened 2 years ago
WS-2017-0147 - Medium Severity Vulnerability
Vulnerable Library - reveal-2.4.0.js
The HTML Presentation Framework
Library home page: https://cdnjs.cloudflare.com/ajax/libs/reveal.js/2.4.0/js/reveal.js
Path to vulnerable library: /src/cpp/session/resources/presentation/revealjs/js/reveal.js
Dependency Hierarchy:
- :x: **reveal-2.4.0.js** (Vulnerable Library)
Found in HEAD commit: b3d036e0cb4bcb5dd4823827a94b172341b2b069
Found in base branch: main
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
Publish Date: 2013-10-24
URL: WS-2017-0147
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/hakimel/reveal.js/commit/f1f28f61e608b70f437860e82555e3e4a9abd4b9
Release Date: 2013-10-24
Fix Resolution: 2.6.0