id: CVE-2022-0776 info: name: RevealJS postMessage <4.3.0 - Cross-Site Scripting author: LogicalHunter severity: high description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. reference: - https://hackerone.com/reports/691977 - https://github.com/hakimel/reveal.js/pull/3137 - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0776 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-79 cve-id: CVE-2022-0776 tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs headless: - steps: - args: url: "{{BaseURL}}" action: navigate - action: waitload - action: script name: extract args: code: | () => { return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0") } matchers: - type: word part: extract words: - "true" # Enhanced by mp on 2022/09/14