2022-05-29 10:39:24 +00:00
id : CVE-2022-0776
info :
2022-09-16 19:50:10 +00:00
name : RevealJS postMessage <4.3.0 - Cross-Site Scripting
2022-05-29 10:39:24 +00:00
author : LogicalHunter
2023-04-28 13:11:35 +00:00
severity : medium
2022-09-16 19:50:10 +00:00
description : RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
2023-09-06 11:59:08 +00:00
remediation : |
Upgrade to RevealJS postMessage version 4.3.0 or later to mitigate this vulnerability.
2022-05-29 10:39:24 +00:00
reference :
- https://hackerone.com/reports/691977
- https://github.com/hakimel/reveal.js/pull/3137
- https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
2022-09-16 19:50:10 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-0776
2023-07-11 19:49:27 +00:00
- https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2
2022-05-31 14:34:35 +00:00
classification :
2023-07-11 19:49:27 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
2022-05-31 14:34:35 +00:00
cve-id : CVE-2022-0776
2023-07-11 19:49:27 +00:00
cwe-id : CWE-79
2023-10-14 11:27:55 +00:00
epss-score : 0.001
2024-01-14 13:49:27 +00:00
epss-percentile : 0.40832
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
2023-07-11 19:49:27 +00:00
metadata :
vendor : revealjs
product : reveal.js
2023-09-06 11:59:08 +00:00
framework : node.js
2024-01-14 09:21:50 +00:00
tags : cve,cve2022,hackerone,huntr,headless,postmessage,revealjs,node.js
2022-05-29 10:39:24 +00:00
headless :
- steps :
- args :
url : "{{BaseURL}}"
action : navigate
2023-07-11 19:49:27 +00:00
2022-05-29 10:39:24 +00:00
- action : waitload
2023-07-11 19:49:27 +00:00
2022-05-29 10:39:24 +00:00
- action : script
name : extract
args :
code : |
() => {
return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0")
}
matchers :
- type : word
part : extract
words :
- "true"
2024-01-26 08:31:11 +00:00
# digest: 4a0a00473045022015776ab1f8ee5f7cbd078059bc34167a0b8ca0a11a1bda34723f7ec03d31b6c302210098d1c6a54ecbafb3158390aea2498590fe70df9d78d3266d388274859a641533:922c64590222798bb761d5b6d8e72950