Add revealjs-postmessage-xss.yaml (CVE-2022-0776) (#4490)

* Add revealjs-postmessage-xss.yaml * Update revealjs-postmessage-xss.yaml * template id + matcher update Co-authored-by: sandeep <[email protected]>
projectdiscovery · May 29, 2022 · adc0964 · adc0964
1 parent 3f2ac17
commit adc0964
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/cves/2022/CVE-2022-0776.yaml b/cves/2022/CVE-2022-0776.yaml
@@ -0,0 +1,32 @@
+id: CVE-2022-0776
+
+info:
+ name: RevealJS postMessage XSS
+ author: LogicalHunter
+ severity: medium
+ description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
+ reference:
+ - https://hackerone.com/reports/691977
+ - https:/hakimel/reveal.js/pull/3137
+ - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
+ tags: cve,cve2022,headless,postmessage,revealjs
+
+headless:
+ - steps:
+ - args:
+ url: "{{BaseURL}}"
+ action: navigate
+ - action: waitload
+ - action: script
+ name: extract
+ args:
+ code: |
+ () => {
+ return (Reveal.VERSION <= "3.8.0" || Reveal.VERSION < "4.3.0")
+ }
+
+ matchers:
+ - type: word
+ part: extract
+ words:
+ - "true"