Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490)

* Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-05-29 04:39:24 -06:00 · 2022-05-29 04:39:24 -06:00 · adc0964e3a
parent 3f2ac1768c
commit adc0964e3a
1 changed files with 32 additions and 0 deletions
--- a/cves/2022/CVE-2022-0776.yaml
+++ b/cves/2022/CVE-2022-0776.yaml
@ -0,0 +1,32 @@
+id: CVE-2022-0776
+
+info:
+  name: RevealJS postMessage XSS
+  author: LogicalHunter
+  severity: medium
+  description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
+  reference:
+    - https://hackerone.com/reports/691977
+    - https://github.com/hakimel/reveal.js/pull/3137
+    - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
+  tags: cve,cve2022,headless,postmessage,revealjs
+
+headless:
+  - steps:
+      - args:
+          url: "{{BaseURL}}"
+        action: navigate
+      - action: waitload
+      - action: script
+        name: extract
+        args:
+          code: |
+            () => {
+            return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0")
+            }
+
+    matchers:
+      - type: word
+        part: extract
+        words:
+          - "true"