nuclei-templates/cves/2022/CVE-2022-0776.yaml

id: CVE-2022-0776

info:
  name: RevealJS postMessage <4.3.0 - Cross-Site Scripting
  author: LogicalHunter
  severity: high
  description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
  reference:
    - https://hackerone.com/reports/691977
    - https://github.com/hakimel/reveal.js/pull/3137
    - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0776
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
    cve-id: CVE-2022-0776
  tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs

headless:
  - steps:
      - args:
          url: "{{BaseURL}}"
        action: navigate
      - action: waitload
      - action: script
        name: extract
        args:
          code: |
            () => {
            return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0")
            }

    matchers:
      - type: word
        part: extract
        words:
          - "true"

# Enhanced by mp on 2022/09/14
Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490) * Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-29 10:39:24 +00:00			`id: CVE-2022-0776`

			`info:`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`name: RevealJS postMessage <4.3.0 - Cross-Site Scripting`
Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490) * Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-29 10:39:24 +00:00			`author: LogicalHunter`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`severity: high`
			`description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.`
Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490) * Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-29 10:39:24 +00:00			`reference:`
			`- https://hackerone.com/reports/691977`
			`- https://github.com/hakimel/reveal.js/pull/3137`
			`- https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2022-0776`
Remove blank cve-id fields from templates. (#4516) * Remove blank cve-id fields from templates. Add cve-id to CVE-2022-0776.yaml * Fix classification spelling 2022-05-31 14:34:35 +00:00			`classification:`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N`
			`cvss-score: 7.2`
			`cwe-id: CWE-79`
Remove blank cve-id fields from templates. (#4516) * Remove blank cve-id fields from templates. Add cve-id to CVE-2022-0776.yaml * Fix classification spelling 2022-05-31 14:34:35 +00:00			`cve-id: CVE-2022-0776`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs`
Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490) * Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-29 10:39:24 +00:00
			`headless:`
			`- steps:`
			`- args:`
			`url: "{{BaseURL}}"`
			`action: navigate`
			`- action: waitload`
			`- action: script`
			`name: extract`
			`args:`
			`code: \|`
			`() => {`
			`return (Reveal.VERSION <= "3.8.0" \|\| Reveal.VERSION < "4.3.0")`
			`}`

			`matchers:`
			`- type: word`
			`part: extract`
			`words:`
			`- "true"`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00
			`# Enhanced by mp on 2022/09/14`