id: CVE-2022-0776 info: name: RevealJS postMessage Cross-Site Scripting author: LogicalHunter severity: medium description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. reference: - https://hackerone.com/reports/691977 - https://github.com/hakimel/reveal.js/pull/3137 - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/ classification: cve-id: CVE-2022-0776 tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs headless: - steps: - args: url: "{{BaseURL}}" action: navigate - action: waitload - action: script name: extract args: code: | () => { return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0") } matchers: - type: word part: extract words: - "true"