nuclei-templates/cves/2022/CVE-2022-0776.yaml

35 lines
869 B
YAML

id: CVE-2022-0776
info:
name: RevealJS postMessage XSS
author: LogicalHunter
severity: medium
description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
reference:
- https://hackerone.com/reports/691977
- https://github.com/hakimel/reveal.js/pull/3137
- https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
classification:
cve-id: CVE-2022-0776
tags: cve,cve2022,headless,postmessage,revealjs
headless:
- steps:
- args:
url: "{{BaseURL}}"
action: navigate
- action: waitload
- action: script
name: extract
args:
code: |
() => {
return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0")
}
matchers:
- type: word
part: extract
words:
- "true"